Bitcoin sites leaked :( - Big bitcoin members emails database

[ajareselde]

It's one of the basic rule for all the newcomers out there, "CHANGE THE PASSWORD REGULARLY"

& never use the same password on different sites!

It doesnt get more simpler than that, but still some people keep on making the same mistake.
Keeping the passwords for a long time is also a bad choice.
Hope we dont get more bad press from things like this again

[Hfleer]

Just use a password manager like Keepass ...

[MakeBelieve]

Just use a password manager like Keepass ...

That doesn't prevent people from leaking websites with your password...it only helps remembering all the passwords.

[Hfleer]

Just use a password manager like Keepass ...

That doesn't prevent people from leaking websites with your password...it only helps remembering all the passwords.

No, that makes you use the password that the password manager creates for you. This way you never use the same password for all the sites.

[Aurum]

more bad news, him databases is true i contact him by email and brought the 3 database by 10btc, in one btc wallet private to no one know.

the admin of bitcoin.de talk there no possible hahahaha, bitcoin.de site is very secure, really i dont cant open any account since de 2fa is active on them site, but one user use the same password in email, i open the email and i see the blockchain wallet the same password, for my surprise booommmmmmm 33.78 btc in him wallet, that the btc is in my wallet now .

i spent 10 btc in them all database, so i am in a good profit now yes i am crazy, but i need to test it, now i am enjoying my weekend.

Now i buy him exploit for all faucet sites, i am testing with, if tomorrow i get fell good, i will share with yours the code

PS: the freebitco.in dont have 450k users, have 672157 users emails is too much text to read . Lets work.

[Aurum]

Sure i dont know because him is selling the db by 10 btc if him can get more than 500 btc hacking the users, These hackers are insane. him talk me him  apollogy dont are hack users. Him dont want innocent members money, and him orgasm is hack sites. For me is the best hacker until now.

[Cortex7]

...in most cases today passwords are not hashed in the database...

Unbelievable and lame.

No excuse for a crypto currency site!

It's so easy to add this to the PHP:

Code:

$sPassHash = hash( "sha1", $sPassword );

[Aurum]

...in most cases today passwords are not hashed in the database...

Unbelievable and lame.

No excuse for a crypto currency site!

It's so easy to add this to the PHP:

Code:

$sPassHash = hash( "sha1", $sPassword );

yeah its add more hard, but dont impossible.One tip, in one database the password is clean pure text

[Kieran Bass]

So bad for a crypto site(s) to have their site hacked like this.

[jbreher]

i contact him by email and brought the 3 database... one user use the same password in email, i open the email and i see the blockchain wallet the same password, for my surprise booommmmmmm 33.78 btc in him wallet, that the btc is in my wallet now .

It may be that I misunderstand your poor English, but I doubt it. The way this looks, you're a fucking lowlife thief.

[Aurum]

i contact him by email and brought the 3 database... one user use the same password in email, i open the email and i see the blockchain wallet the same password, for my surprise booommmmmmm 33.78 btc in him wallet, that the btc is in my wallet now .

It may be that I misunderstand your poor English, but I doubt it. The way this looks, you're a fucking lowlife thief.

sure i dont american, sure i dont forced know english, but iam profit. looooooool.

with your skillls in english, you have money? good to you!

bulshit people have to fucked, my teory.

[Aurum]

If you are hacked for your fall, use paypal them can return your money, i use bitcoin and have more than 100k on them, hack it, i doubt!

[wzb422]

They might have got their hands on the 3 crap sites

[Razick]

...in most cases today passwords are not hashed in the database...

Unbelievable and lame.

No excuse for a crypto currency site!

It's so easy to add this to the PHP:

Code:

$sPassHash = hash( "sha1", $sPassword );

It's not that easy if you want to do it right. Straight sha is too fast so you should use many iterations or sha2 or whirlpool.

[Cortex7]

...in most cases today passwords are not hashed in the database...

Unbelievable and lame.

No excuse for a crypto currency site!

It's so easy to add this to the PHP:

Code:

$sPassHash = hash( "sha1", $sPassword );

It's not that easy if you want to do it right. Straight sha is too fast so you should use many iterations or sha2 or whirlpool.

Thanks for the heads up!

This stack exchange comment seems pretty thourough:
http://security.stackexchange.com/questions/211/how-to-securely-hash-passwords/31846#31846

[jbreher]

i contact him by email and brought the 3 database... one user use the same password in email, i open the email and i see the blockchain wallet the same password, for my surprise booommmmmmm 33.78 btc in him wallet, that the btc is in my wallet now .

It may be that I misunderstand your poor English, but I doubt it. The way this looks, you're a fucking lowlife thief.

sure i dont american, sure i dont forced know english, but iam profit. looooooool.

with your skillls in english, you have money? good to you!

bulshit people have to fucked, my teory.

Karma has a way of catching up...

[dadaas]

Yes, them use md5, the auroracoin forum use the traditional forum salt that is more hard to decrypt.

but with a good pay decoder with trillion hashes decode it no can be hard.

examples (hashes get from freecoinworld):
30fca77cebf16fe3c5b5b4db4371dee4  -  cinta3segi
842df9fecdc99ad5aea6deb7ab117ae0 - me4ta12345

One question, how does anybody crack those codes? Isn't it right that it takes long time to bruteforce those codes? Isn't that the whole point of hashing passwords, to make them practically uncrackable?

[annoyingorange]

Fake pastebin posts like this are common, but you really should use a password manager like keepass or 1password and generate unique random passwords for every website login.
You can make them easy to read/type such as "phi8lugh7ku9re" or near impossible to brute force like "uBw=wr,9i[RrdX"
Always have 2fa enabled for your email / dropbox / etc and if in doubt change your password.

[TheTruth4]

What do you mean? This looks like a legit pastebin. What is going on with this post?

[unexecuted]

What do you mean? This looks like a legit pastebin. What is going on with this post?

It is impossible to prove whether that post is legitimate, unless the bitcoin.de owners admit to the leak.
http://www.reddit.com/domain/pastebin.com/search?q=email&restrict_sr=on&sort=relevance&t=all