Protect Your Account

[LFC_Bitcoin]

**Also posted in Meta but sharing here too. Even if it helps one person it’s worth it**


Please, I can’t stress this enough, please make sure the email address set to your account is private.


You may have seen what happened to BitcoinGirl.Club here - https://bitcointalk.org/index.php?topic=5266437.0

This is what I am understanding.

Yesterday evening after the poker game, I was doing my usual work. At some point, I was going to check my sportsbet T-shirt update. I was looking for the email sportsbet sent so that I get the link to fill up the form. I saw three emails. One already read. The two new with the update of they are running out of the t-shirts. So I opened one of the email, checked the link and it was taking too long time to load the page. When it was annoyingly late, I closed the tab but my system seemed unexpectedly slow. It happens sometimes and I usually force close the system and restart. I did the same and then started my usual work. When I wanted to  login in few of my accounts it always asked me for passwords. Nothing flagged me though. I did not had any 2nd thought. When it was late I gone to bed. Today morning when I wanted to login to bitcointalk discovered everything. Before everything else I knew I had to reset my device which I did.

Now I do not have access of the email. All the accounts, exchanges, business, social media, gambling sites everything that had the email are fucked up. I am contacting each of the sites to help me changing the email addresses. I am going through a lot now. In some accounts I have money locked. This will not be a very easy ride for me. Everything fucked!!!

I do not deserve it. Thanks whoever you are.

I believe the hacker discovered his email address simply by clicking on his profile & discovering the email there & the rest is history.

If you haven’t already then follow these steps to make your email address hidden -

- Click Profile at the top of your browser
- Under Modify Profile on the left click Account Related Settings
- Make sure the circled box is ticked (example email address is not mine)



Safe surfing & fuck hackers!

[DdmrDdmr]

Yes, the "hide email address from public" flag is on by default (meaning hidden), but I guess people are used to being rather social, and switch it of in many cases (some are business relate, and therefore deliberately conscious). Going through a profile DB I have with 2.481.270 profiles, almost 56k accounts had an associates visible email.

I figure though that BitcoinGirl.Club’s case is not down to the email being visible on the profile (I don’t think it was, and Archieve sites seem to show it as hidden historically, right up to a snapshot from a couple of days ago). It looks more like some malware got installed after following a link.

[Timmzzy]

I believe Newbies really need to see this. When I first noticed the hacking of Bitcointalk account activity some time ago. I just got this instinct of making use of that feature of hiding my email of from the forum which I believe they get into one's Account using that means of email. How wish 2af will be implemented on Bitcointalk.  

[alani123]

Also goes to show that PMs sent via bitcointalk shouldn't be considered very private.
A compromise in the account essentially means a compromise in its contents also.

End to end encryption is always best for messages that might be considered sensible.
To compromise a properly stored private key used for end to end encryption would require a full system compromise. Which is arguably harder than hacking a third party provider email address.

[Coyster]

Going through a profile DB I have with 2.481.270 profiles, almost 56k accounts had an associates visible email.

That number (56k) is very high, users should hide their email addresses and should not use their btt email for any other purpose, whether the service is trusted or not; a unique address for your btt account would prevent phshing mails and malware links being sent to your email that could lead to a compromise of your email and your account as well.

It looks more like some malware got installed after following a link.

Newbies should also verify links they receive in their mail box, never click on it, the hackers can design the link to look original and like its coming from providers you registered the email with for some service or the other, verify first and if you are 99% certain, don't click it. 

[Finestream]

Good advise, when I was starting in the forum, my email was displayed but later I realized that I could be prone to an unsolicited emails so I hide it until now. It's unfortunate that  BitcoinGirl.Club fall for this hackers, hopefully he is alright and he can solve his problem, worse is he has some money on some accounts, damn, the timing is not even good, everyone needs money at the pandemic while hackers continues to do their heartless activities.

Newbie deserves to read this post, thanks for the concern @LFC_Bitcoin

[elda34b]

Nice reminder. Maybe also check your others social media, create another e-mail purely for business purpose and never leave personal details, especially you're not using a centralized services. Some hackers might also try their luck hacking your Telegram account for example. Telegram are as important as e-mail nowadays.

[The Cryptovator]

Good suggestion. First of all, I have used two email addresses for my bitcointalk account. One used for registered and after I changed the email to another address to get notification from the forum. So if in case my bitcointalk account got hack, I will be able to recover my account from registered email and sign address. But of course, my secondary mail is hidden still now. So no one can see it easily. Passwords should use very strong and different from other sites. More securely we have to keep safe our email address because hackers could use reset passwords by mail. So we have to be careful with our mail system. Usually, I don't use my current bitcointalk mail for any other sites to avoid spam messages.

[LFC_Bitcoin]

Also goes to show that PMs sent via bitcointalk shouldn't be considered very private.
A compromise in the account essentially means a compromise in its contents also.

End to end encryption is always best for messages that might be considered sensible.
To compromise a properly stored private key used for end to end encryption would require a full system compromise. Which is arguably harder than hacking a third party provider email address.

Aren’t there websites that delete a message after it’s been read?

[Upgrade00]

Aren’t there websites that delete a message after it’s been read?

There are such websites available, but I've not used most and as such cannot recommend any. This feature is also available on telegram chat, to activate it; you Set Secret Chat > Set Self Destruct Timer > Select The Preferred Time Range. The destruct timer ranges from a couple of seconds to a week and not necessarily when the message has been read by the other party, so the conversation has to be synchronized.

I would however not recommend very sensitive information is sent across such websites as they are commonly targeted by hackers through phishing attacks for such data.

[20kevin20]

Furthermore, I'd recommend using a different e-mail for different categories of accounts you have. For example, use one mail for social media accounts and a completely different one for exchange accounts. This not only lowers the chances of all your accounts being compromised at once but also decreases the chances of all your accounts being linked by an external party to your identity. This way, if your "exchange" email gets compromised, you know that you should only consider the said accounts compromised - unlike having all accs on the same mail, where you have to check whether all of them have been affected or not.

[Scripture]

Upon checking my email account is already hide from the public and I think this is already on a default settings. I don't know the reason why a person will expose their personal email where we know the risk of sharing it. Though I've seen many bounties publicly share the emails of the participants on the spreadsheet, I just forget that bounty name but its they should not do that. I also suggest to have more emails for your different purposes, and to be more safe from hackers and scammers.

[NavI_027]

Yes, the "hide email address from public" flag is on by default (meaning hidden)

Thank God I am doing the right since day one. Actually I'm about to check my profile already to check it again but good thing I read your post. You saved few minutes of my time . I strongly believe that my email was hidden all the time but still OP's post alarmed the hell out of me lol (paranoia strikes).


My simple advice for you guys is to never use the emails you already used in signing up to this forum, wallets or others with confidetial infos. Because the more you used it, the more prone it become against phishing attacks or other means of hacking. Making email addresses is now as easy as 1 2 3 so don't be hesitate to create a new one for vulnerable places.

[Peanutswar]

Also, this is a good feature and it depends on the user how does it works why they show or hide their emails.

On our profiles, we have the email that the other member can easily see, and based on my perspective there is a good and bad side why we need to show or hide this.


Show
Other members can see and can direct email to us.
You can message each other in private.
Prone to hacking because your email is already exposed. Sometimes your passwords are not strong and do not contain:

Small letter
Capital letter
Number
Symbols

Hide
To avoid getting reached by the intruders want to do something with your email and account.

[Yaunfitda]

I have practice to hide my email here since day one because I know it could be a vector of attack sometime. Those with  bad intent some scrape emails here and then try to hack it. I think this is one method that's why there is a rampant attacks way back in 2017 wherein we hear a lot of accounts being hack very easily.

I already informed our campaign manager about this incident since BitcoinGirl.Club and I are both in the same campaign.

[Husna QA]

Also, enable additional security such as 2fa in the email used in this forum. And use different email and passwords with accounts on forums or other social media.
And then I suggest not to use the Secret Question in Account Related Settings.

[alani123]

Also goes to show that PMs sent via bitcointalk shouldn't be considered very private.
A compromise in the account essentially means a compromise in its contents also.

End to end encryption is always best for messages that might be considered sensible.
To compromise a properly stored private key used for end to end encryption would require a full system compromise. Which is arguably harder than hacking a third party provider email address.

Aren’t there websites that delete a message after it’s been read?

Yes, sites like https://privnote.com/
Better yet there are apps like snapchat, Viber (timed message mode). Works better in a sandboxed environment like an android phone. But with snapchat there have been occasions where hundreds of thousands of supposedely deleted snap image messages were accessed from the platform's servers and celebrities were targeted. So non p2p solutions aren't perfect.

Even better there is the FOSS Off The Record (OTR) messaging which allows for deniable authentication from a certain party in a trustless and p2p way. Overall tons of better ways to message people other than PMs in a forum. Especially so if the goal is privacy.

[sheenshane]

I dont want to use other features in protecting my Bitcointalk account because might be cause trouble upon losing those credentials connected with your account. Hiding email addresses is enough for me at least, you know also how to access your email. Especially stated above of my reply, never use a secret question security feature, which is very risky upon recovery in your account.

It is good if you will separate your email address exclusively for the Bitcointalk account only and for those social media account should always be separated.

Might good if don't open your email address used in Bitcointalk, especially from the unknown PM's.

[smyslov]

Emails that you are using is very important that is why you should set up some safety parameters like two factor authentication and phone verification so you can access it only after putting the code we need to beef the security on all emails that we are using because this is where we can access all our accounts from other sites, especially when you are using a public computer.

[DdmrDdmr]

I’d like to presume that people that engage in airdrops and bounties, some of which require an email, are not providing their forum’s registry email (and preferably, they’d be using an email solely for these purposes, with no ties to anything else). Bounties and airdrops subscriptions end-up either being publicly visible in posts and lists, or used for any sort of purpose once obtained. That is a complementary, and probably more frequent malpractice, to displaying the email on the user’s profile.