Someone had access to my account last month - Please beware!

[legendster]

So a guy I do not know sent me a message on Telegram saying that someone is trying to sell my account.

He has not revealed the name of the user.

I just checked BPIP and indeed there was a password reset last month. I don't know how this happened.

My email was hacked in April when I lost some significant amount of money, I'm suspecting this is probably a result of that.

I'm making this post here just as a warning to let everyone know, I do not intend to sell my account, EVER! Even if I die, this account will die with me.

[1714022092]

1714022092

[Charles-Tim]

Maybe this could be helpful:

[Guide] Bitcointalk account security
[GUIDE] How to Create a Strong/Secure Password

If you have already staked your address, it will also really be helpful if you can still sign a message with the address staked. You may know this, but just saying.

[mole0815]

That doesn't sound good. But the warning/info here was certainly not a mistake.
There is a page that shows you the visits of the last 30 days.
Maybe this will help you to confirm your suspicion: https://bitcointalk.org/myips.php

[legendster]

Maybe this could be helpful:

[Guide] Bitcointalk account security
[GUIDE] How to Create a Strong/Secure Password

If you have already staked your address, it will also really be helpful if you can still sign a message with the address staked. You may know this, but just saying.

I need to change the staked address as that one is compromised during the April hack that I mentioned above.

I already have a strong password. Always did.

That doesn't sound good. But the warning/info here was certainly not a mistake.
There is a page that shows you the visits of the last 30 days.
Maybe this will help you to confirm your suspicion: https://bitcointalk.org/myips.php

I don't have any merits to give you but I would if I had. Thank you.


Suspicion confirmed.



[moderator's note: consecutive posts merged]

[Bitcoin_Arena]

You are quite lucky that the hacker didn't completely lock you out of your account by changing your email address after the password change or use it to scam unsuspecting members.

Try to keep your email address very secure. 2FA should be a must. Once your email address is compromised. Every account linked to it including exchange accounts could easily be accessed by the hacker through password resets.

[LoyceV]

Suspicion confirmed.

Is there anything in your PM or outbox? Of course that could have been deleted so you can't know for sure.

No posts were made: loyce.club/archive/members/9/93844.html.

I just checked BPIP and indeed there was a password reset last month. I don't know how this happened.

Actually, the reset was today, a month ago it was only "changed":

Code:

8/18/2021 2:27:22 PM 	password changed
9/13/2021 3:53:45 PM 	password reset via email

I assume you're the one who reset it, but doesn't that mean the attacker must have entered your old password in order to change it?
Any chance you can sign a message from an old staked address?

[suchmoon]

Is there anything in your PM or outbox? Of course that could have been deleted so you can't know for sure.
[...]
I assume you're the one who reset it, but doesn't that mean the attacker must have entered your old password in order to change it?

Based on legenster's weird-ass accusation against Maidak, which he posted after he created this thread:

https://bitcointalk.org/index.php?topic=5359785

There is a non-negligible chance that he tried to scam Maidak and is now trying to pretend that he was hacked.

[eddie13]

Even if your staked address is “compromised” you should still be able to sign it..
Sign it and stake a new address if this is true..

How do we know the hacker/buyer isn’t making this whole story up as if he were the real legendster?

How did you log in of their was a password change?

[suchmoon]

How did you log in of their was a password change?

He reset the password today. The bigger question is - like LoyceV mentioned - how did the "hacker" access the account without resetting the password, and why did the presumably real legendster needed to reset it if...

I already have a strong password. Always did.

[Igebotz]

So a guy I do not know sent me a message on Telegram saying that someone is trying to sell my account.

Is it possible that some random individual messaged you on Telegram about selling your account? How? How did the account selling bot warn you on telegram if you don't have a telegram ID on your profile? And how did he know you weren't the one attempting to sell the account?

He has not revealed the name of the user.

Cause it never existed.

My email was hacked in April when I lost some significant amount of money, I'm suspecting this is probably a result of that.

How did you get access to the account today and reset the password without your mail? You lost access to your mail in April, and your password was reset last month. I don't believe your theatrics; pay off your debt and stop acting like a victim.

[examplens]

I need to change the staked address as that one is compromised during the April hack that I mentioned above.

you should definitely confirm ownership of the account by signing a message on one of your oldest addresses used here on the forum. I guess not all of them is compromised and only you have access to them.

Your oldest (used 11 April 2013) 1C5voy2et9odzmocDxirb4S6GrTJ6MeqsW here
Or 3JHJKATezUpeGs9JeobzY7U2Fo6iybZ6yL which you used (in 2018) to apply in signature campaigns. here, here, here

I already have a strong password. Always did.

the reason is that it must be determined that you are the original owner of the account. But obviously is not enough strong.

[tranthidung]

I remembered when I saw your topic Hiring Telegram Managers and I contacted you via Telegram.

It is since late of May and you almost inactive since May. What happened recent weeks?

[savetheFORUM]

If anyone is still not aware, this story was created to scam Maidak - https://bitcointalk.org/index.php?topic=5359785.0

[dansus021]

Suspicion confirmed.

bu i think the attacker using some IP guard like VPN or proxy because my account that im using right now is one victim and i regain on 2020

for now i think is good to change your email first and then change the password

maybe the reason my account got hacked is because i have same password and account

 you must not do what im doing

[legendster]

I remembered when I saw your topic Hiring Telegram Managers and I contacted you via Telegram.

It is since late of May and you almost inactive since May. What happened recent weeks?

If you scroll back into my posts you'll see I've been increasingly inactive on Bitcointalk since late 2019.

I've been focusing my energy on my work on Telegram and Discord.

I need to change the staked address as that one is compromised during the April hack that I mentioned above.

you should definitely confirm ownership of the account by signing a message on one of your oldest addresses used here on the forum. I guess not all of them is compromised and only you have access to them.

Your oldest (used 11 April 2013) 1C5voy2et9odzmocDxirb4S6GrTJ6MeqsW here
Or 3JHJKATezUpeGs9JeobzY7U2Fo6iybZ6yL which you used (in 2018) to apply in signature campaigns. here, here, here

I already have a strong password. Always did.

the reason is that it must be determined that you are the original owner of the account. But obviously is not enough strong.

The MeqsW wallet was from some third party exchange / platform. I don't even remember where.

I have access to the later ones as those would be from my Greenwallet wallet account. I'll have to install the desktop app and find a way to sign from there. Will do that later today or whenever I find some time.

The password itself was a strong alpha numeric 26 character pw with special characters and all..

I am suspecting the hacker got access to my Firefox sync account as well which would enable him to get passwords of different accounts. Of course I've reset that pw along with all the old important passwords. (and still resetting the unimportant ones)

Suspicion confirmed.

Is there anything in your PM or outbox? Of course that could have been deleted so you can't know for sure.

No posts were made: loyce.club/archive/members/9/93844.html.

I just checked BPIP and indeed there was a password reset last month. I don't know how this happened.

Actually, the reset was today, a month ago it was only "changed":

Code:

8/18/2021 2:27:22 PM 	password changed
9/13/2021 3:53:45 PM 	password reset via email

I assume you're the one who reset it, but doesn't that mean the attacker must have entered your old password in order to change it?
Any chance you can sign a message from an old staked address?

Yes I was the one who reset it and the one before was 'changed'.

Which implies the hacker must have had my BTT password from the April email breach (which would have given him access to Firefox sync where I store a bulk of my passwords) and he simply tried to log in and changed the pw last month.

There have been a number of attempts since April to log into my exchange accounts but since I reset them no one has gotten in but I did get a bunch of emails from Binance and other exchanges where there were some failed attempts to log in.

And no, nothing in the outbox.

And yes I can sign from some of the old addresses but they won't mean anything as the hacker would have access to them as well.

You are quite lucky that the hacker didn't completely lock you out of your account by changing your email address after the password change or use it to scam unsuspecting members.

Try to keep your email address very secure. 2FA should be a must. Once your email address is compromised. Every account linked to it including exchange accounts could easily be accessed by the hacker through password resets.

That is what boggles my mind that someone got in DESPITE 2FA being active on ALL my accounts.

And google defaults to the new way of 2fa where you get a notification screen where you have to approve that you're signing in from a new device - I didn't get any of that when the hacker got into my email in April.

I was only notified when my DDIM tokens were being unstaked and I got that notification on Telegram. But It was already around 50 minutes late.

PS: I was stupid enough to have saved my master priv key sheet in the drafts of my email around Feb when I was doing a PC OS upgrade. And didn't care enough to delete it later. Because in the back of my mind I knew no one could bypass my 2fa. I was wrong.


After the hack, I did make a post on Linkedin and perhaps Twitter, seeking advice from security experts.



[moderator's note: consecutive posts merged]

[LoyceV]

I am suspecting the hacker got access to my Firefox sync account as well which would enable him to get passwords of different accounts.

Wait, you stored your passwords in the cloud? Why on earth would you do that? Cloud storage is a terrible idea for passwords. I don't even dare use the same account on more than one device, because each device increases the risk of getting compromised, let alone give each device access to everything!

[The Sceptical Chymist]

I am suspecting the hacker got access to my Firefox sync account as well which would enable him to get passwords of different accounts.

Wait, you stored your passwords in the cloud? Why on earth would you do that? Cloud storage is a terrible idea for passwords.

I'm a complete idiot when it comes to tech, and even I know not to do that.  I'm not trying to rub salt in any wounds here, legendster, but damn.  I use Firefox, but don't use the sync function.

And I'm not even sure why e-mail is required on this forum.  I get that some people want the 2FA security, but for me it's just another piece of data that can be hacked, and personally I don't care to enter anything but a throwaway e-mail address.

He reset the password today. The bigger question is - like LoyceV mentioned - how did the "hacker" access the account without resetting the password, and why did the presumably real legendster needed to reset it if...

Why didn't the hacker reset the password is the better question.  And if legendster did indeed get hacked and the hacker didn't change it, I understand why legendster would change it--unless I'm missing something obvious.  I'm assuming the hacker got access to it from the Firefox data in which it was stored and presumably still has it.  No idea why a hacker wouldn't change a password on an account they just hacked, but hey....I'm not a hacker.

[LoyceV]

a throwaway e-mail address.

That means someone might be able to access that email address. Yopmail users for instance have had their account compromised that way.

No idea why a hacker wouldn't change a password on an account they just hacked

See:

Changing the password raises red flags, while quietly using the account might result in a successful PM scam.

Further reading here.

[NotATether]

That is what boggles my mind that someone got in DESPITE 2FA being active on ALL my accounts.

Which 2FA method?

Google has several different options for 2FA, there is one where you open the Gmail app on your mobile phone, another uses Google authenticator, and I believe there is also an SMS verification also. So which one were you using at the time of the hack?

[kurian]

legendster's account has been hacked ! I am so much scared to see it. legendster is a very reputed and skilled person on our Indian board.
When I joined the forum, I was not very careful about email , I have created my account with a random email address, will I have a problem? What do I have to do now? please suggest me.