My account got hacked by an amateur.

[gogodr]

Someone, I'm sure just testing things out hacked my account and changed my mail. (Didn't change my secret question, which is how I got my account back)
I'm very careful with my password and it is not an easy one to crack, my thoughts are on that the site might have been exposed to the heartbleed openSSL vulnerability and someone could have gotten a list of users and passwords from the server.

[1714982411]

1714982411

[1714982411]

1714982411

[1714982411]

1714982411

[1714982411]

1714982411

[1714982411]

1714982411

[roslinpl]

Someone, I'm sure just testing things out hacked my account and changed my mail. (Didn't change my secret question, which is how I got my account back)
I'm very careful with my password and it is not an easy one to crack, my thoughts are on that the site might have been exposed to the heartbleed openSSL vulnerability and someone could have gotten a list of users and passwords from the server.

well maybe this is why :
https://www.dropbox.com/s/7nso75hquwh4p9v/bug.png

They did warned us about this possibility You should change your password =)

[escrow.ms]

Someone, I'm sure just testing things out hacked my account and changed my mail. (Didn't change my secret question, which is how I got my account back)
I'm very careful with my password and it is not an easy one to crack, my thoughts are on that the site might have been exposed to the heartbleed openSSL vulnerability and someone could have gotten a list of users and passwords from the server.

Did you used same password on other sites?

[gogodr]

xD
I see. In fact I did not see the warning.
Well I hope they patched it already. (they have to recompile apache or nginx with the openSSL update)
otherwise, someone can just start sniffing again and get all the accounts again.

I don't use the same password for everything, I use a composite password made up of 3 words and both alphanumeric and special characters
(not afraid of saying how my password is made, bruteforcing it will take more than a couple of years anyways. )

[jbrnt]

It is best to use a different password for different sites. I use a completely different style of passwords for newly created and doggy sites, especially forums and gambling ones.

I am paranoid about people setting up sites just to get user email and password pairs to hack other related sites.

[Justin00]

I wouldn't call ya paranoid..... what your suggesting is definitely happening

Even sites which only want your email addy, generally to send you a weekly report or secret beeteecee insider trading info you must read nowz!! have been proven to use your email addy to target you in malware/virus emails. Its obvious something not quite legit is going on when you never get said weekly report etc etc, but its to late at that stage.

I am paranoid about people setting up sites just to get user email and password pairs to hack other related sites.

[Justin00]

Did you login at all the day the exploit was released to the public ? I think it was 8th of April..
Does that ring a bell hehe ?

Anyways assuming no one else knew about this until it was released to the public, Theymos said he fixed it within hours... so they could of only gotten your user/pass if you logged in during the window where the exploit was in the wild but before theymos patched it.... if that makes sense.

Someone, I'm sure just testing things out hacked my account and changed my mail. (Didn't change my secret question, which is how I got my account back)
I'm very careful with my password and it is not an easy one to crack, my thoughts are on that the site might have been exposed to the heartbleed openSSL vulnerability and someone could have gotten a list of users and passwords from the server.