Bitcoin Forum
July 30, 2024, 09:29:15 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: How I almost lost my account.  (Read 294 times)
BlackBoss_
Sr. Member
****
Offline Offline

Activity: 714
Merit: 416


Rollbit is for you. Take $RLB token!


View Profile
June 04, 2024, 01:06:59 AM
 #21

Besides that, you could have set a secret question first, you wouldn't need to remember your throwaway address.
Quote
Secret Question:
To help retrieve your password, enter a question here with an answer that only you know. Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account. It's like a second password.
Answer:
Choose carefully, you wouldn't want someone guessing your answer!
https://bitcointalk.org/index.php?action=profile;sa=account
Secret question will trigger an account lock for security reason, it does not help you to recover your account or password.

This feature was disabled after a forum hack (sever compromise) in 2015.
On May 22 at 00:56 UTC, an attacker gained root access to the forum's server. He then proceeded to try to acquire a dump of the forum's database before I noticed this at around 1:08 and shut down the server. In the intervening time, it seems that he was able to collect some or all of the "members" table. You should assume that the following information about your account was leaked:
- Email address
- Password hash (see below)
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your secret answer
- Various settings

PSA: ACCOUNTS WILL BE LOCKED IF THE SECRET QUESTION IS USED TO RECOVER IT

R


▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀
LLBIT|
4,000+ GAMES
███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀
█████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀
|
██░░░░░░░░░░░░░░░░░░░░░░██
▀█▄░▄▄░░░░░░░░░░░░▄▄░▄█▀
▄▄███░░░░░░░░░░░░░░███▄▄
▀░▀▄▀▄░░░░░▄▄░░░░░▄▀▄▀░▀
▄▄▄▄▄▀▀▄▄▀▀▄▄▄▄▄
█░▄▄▄██████▄▄▄░█
█░▀▀████████▀▀░█
█░█▀▄▄▄▄▄▄▄▄██░█
█░█▀████████░█
█░█░██████░█
▀▄▀▄███▀▄▀
▄▀▄
▀▄▄▄▄▀▄▀▄
██▀░░░░░░░░▀██
||.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
███████████░███████▀▄▀
███████████░██▀▄▄▄▄▀
███████████░▀▄▀
████████████▄▀
███████████
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▄██████▀████░███▄██▄
███░████████▀██░████░███
███░████░█▄████▀░████░███
███░████░███▄████████░███
▀██▄▀███░█████▄█████▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀
OFFICIAL PARTNERSHIP
FAZE CLAN
SSC NAPOLI
|
NotATether
Legendary
*
Offline Offline

Activity: 1680
Merit: 7083


In memory of o_e_l_e_o


View Profile WWW
June 04, 2024, 07:19:00 AM
 #22

Why would you use a throwaway email address? Don't you know that whoever is running the throwaway email server can get all the messages that the forum sends you?

Apart from that, but anonymous email signup services like simplelogin and passmail (proton pass) completely cover all the benefits of these throwaway email addresses, minus the risk of losing access to email reset.
JiiBs (OP)
Full Member
***
Offline Offline

Activity: 186
Merit: 100


View Profile
June 04, 2024, 07:17:51 PM
 #23

Why would you use a throwaway email address? Don't you know that whoever is running the throwaway email server can get all the messages that the forum sends you?

Apart from that, but anonymous email signup services like simplelogin and passmail (proton pass) completely cover all the benefits of these throwaway email addresses, minus the risk of losing access to email reset.
If I am to be any true to myself, I didn’t dig deep on the what risk I stand to incur by using a throwaway email address and that’s entirely my fault, I am owing that. It wasn’t the original plan and it only became an option after I had tried using my functional email to create an account and the evil IP thing came up. My next trier failed to accept previous email as it had been used and so, the throwaway email became an option. I felt I could change it as time goes and that turned into procrastination coupled with the fact that, I was still getting used to the forum.
It only dawned on me after the incident of a forgotten password and good enough, it wasn’t too late to think and rethink to come up with the combination and make necessary adjustments.
Saint-loup
Legendary
*
Offline Offline

Activity: 2688
Merit: 2406



View Profile
June 06, 2024, 09:37:50 PM
 #24

Besides that, you could have set a secret question first, you wouldn't need to remember your throwaway address.
Quote
Secret Question:
To help retrieve your password, enter a question here with an answer that only you know. Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account. It's like a second password.
Answer:
Choose carefully, you wouldn't want someone guessing your answer!
https://bitcointalk.org/index.php?action=profile;sa=account
Secret question will trigger an account lock for security reason, it does not help you to recover your account or password.

This feature was disabled after a forum hack (sever compromise) in 2015.
On May 22 at 00:56 UTC, an attacker gained root access to the forum's server. He then proceeded to try to acquire a dump of the forum's database before I noticed this at around 1:08 and shut down the server. In the intervening time, it seems that he was able to collect some or all of the "members" table. You should assume that the following information about your account was leaked:
- Email address
- Password hash (see below)
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your secret answer
- Various settings

PSA: ACCOUNTS WILL BE LOCKED IF THE SECRET QUESTION IS USED TO RECOVER IT
You are kidding me dude? You are talking about an event that happened almost ten years ago and quoting posts from the same period. I hope everything is back to normal ten years later. If one user has created his account after the 2015 hack, how hackers could have taken his secret question while his account didn't exist? It's not possible. So I guess what's written is true : "It's like a second password."

██
██
██
██
██
██
██
██
██
██
██
██
██
... LIVECASINO.io    Play Live Games with up to 20% cashback!...██
██
██
██
██
██
██
██
██
██
██
██
██
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!