Bitcoin Forum
November 25, 2017, 05:40:26 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: My account got hacked, is there a way to recover access to it?  (Read 2600 times)
greatwolf_
Jr. Member
*
Offline Offline

Activity: 41


View Profile WWW
September 17, 2014, 05:53:57 PM
 #1

The hacker changed my pw, email and security question on my account. Is there a way to recover access to it? It seems obvious now but BitcoinTalk really needs 2fa and some kind of confirmation sent to the original email on changes like this along with ip logs.

Bitrated user: greatwolf.
1511588426
Hero Member
*
Offline Offline

Posts: 1511588426

View Profile Personal Message (Offline)

Ignore
1511588426
Reply with quote  #2

1511588426
Report to moderator
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
eid
Hero Member
*****
Offline Offline

Activity: 618


View Profile
September 17, 2014, 06:10:49 PM
 #2

The hacker changed my pw, email and security question on my account. Is there a way to recover access to it? It seems obvious now but BitcoinTalk really needs 2fa and some kind of confirmation sent to the original email on changes like this along with ip logs.

If you've associated a BTC address in an old post or PM, yes:

https://bitcointalk.org/index.php?topic=497545.0


If you haven't, forget it because you won't ever get it back.
hilariousandco
^^
Global Moderator
Legendary
*
Offline Offline

Activity: 1484


How does one bitcoin?


View Profile WWW
September 17, 2014, 06:41:38 PM
 #3

It seems obvious now but BitcoinTalk really needs 2fa and some kind of confirmation sent to the original email on changes like this along with ip logs.

It really is needed, but what's needed even more is for people to look after their accounts a bit better and not log into phishing sites. I hope you're more careful with your coins. 

Shogen
Legendary
*
Offline Offline

Activity: 966



View Profile
September 18, 2014, 04:55:37 AM
 #4

... but BitcoinTalk really needs 2fa and some kind of confirmation sent to the original email on changes like this along with ip logs.

Strongly agree with you. The good news is that we should have 2FA feature ready in the new forum software.

https://bitcointalk.org/index.php?topic=523070.0
Fancy Authentication

In addition to normal password authentication, the forum should support various kinds of of alternative authentication. At least password auth, email verification, secret questions, OpenID, PGP, OpenVPN (automatic creation of subnets + IP source verification), and Bitcoin address signing should be supported, with multiple allowable credentials for each auth type. Users should have the option of requiring any combination of these auth types. Like "pgp OR (password AND OpenID)". And users should be able to require that changes to some or all auth types as well as the required combination of types not take effect for some configurable number of days. This allows for different types of recovery methods.


greatwolf_
Jr. Member
*
Offline Offline

Activity: 41


View Profile WWW
September 18, 2014, 05:49:42 PM
 #5

I've sent badbear and theymos signed messages as per instructions here. In fact, I've signed it twice using two different btc addresses that have been used with my original account to prove ownership. How long should it take them to get back to me?

Bitrated user: greatwolf.
hilariousandco
^^
Global Moderator
Legendary
*
Offline Offline

Activity: 1484


How does one bitcoin?


View Profile WWW
September 18, 2014, 05:51:02 PM
 #6

That depends how busy they are but I don't think BadBear deals with account hackings. You'll just have to wait and be patient.

greatwolf_
Jr. Member
*
Offline Offline

Activity: 41


View Profile WWW
September 18, 2014, 06:00:55 PM
 #7

Is there any other staff or mods that deal with account recovery that I can also contact to help speed this process? I also mentioned in the message that they can verify and confirm also by comparing the ip logs between my original account and this to help support my case. Additionally, I can also send a confirmation email reply from my original email address used to register that account as well.

All of that should be overwhelmingly sufficient evidence to reset the email for that account.

Bitrated user: greatwolf.
hilariousandco
^^
Global Moderator
Legendary
*
Offline Offline

Activity: 1484


How does one bitcoin?


View Profile WWW
September 18, 2014, 06:05:09 PM
 #8

Nope, just theymos as far as I'm aware. If you've sent all the correct info - which it appears like you have - all you can do now is wait for theymos to recover it, though he's a busy guy and gets lots of these requests plus I imagine a helluva lot of other stuff daily.

wosch76
Legendary
*
Offline Offline

Activity: 931


EchoLinkInfo


View Profile WWW
September 19, 2014, 01:26:40 PM
 #9

I have the same problem.
I lost the access to my account on this nem phising attack and pm'd theymos this monday but didn't get a reply yet.
I think it's too much pm's and lost account's to get through for one person.
Can't some other mods help theymos? Just temporarely til the storm is over?
hilariousandco
^^
Global Moderator
Legendary
*
Offline Offline

Activity: 1484


How does one bitcoin?


View Profile WWW
September 19, 2014, 01:31:55 PM
 #10

It would be a good idea to delegate the workload, but the only other person who probably could do it is BadBear and I don't think he's too keen on sorting out hacked accounts, though maybe he will change his mind as I don't think he was that eager to become a admin either at one point.

ziggyII
Newbie
*
Offline Offline

Activity: 24


View Profile
September 19, 2014, 07:28:31 PM
 #11

I have the same problem.
I lost the access to my account on this nem phising attack and pm'd theymos this monday but didn't get a reply yet.
I think it's too much pm's and lost account's to get through for one person.
Can't some other mods help theymos? Just temporarely til the storm is over?
I am waiting for his reply.too
In the past 4 days I PMed him 3 times
day 1 I sent my signed message,for anxious reasons I misread the format so made a mistake in it but I didn't realize at that time
day 2 I asked if my account can be recovered   
day 3 with other people's help I fond what I signed in day 1 is wrong,so I corrected and PMed it again
now it is day 4
he said:
Quote
If I point you to this thread, you can't prove ownership properly, and then I ignore your future PMs, this means that I'm not going to recover your account. Create a new one.

so what I worried is my last pm with correct signed message be ignored because the first one is wrong
will it happen?



 
wosch76
Legendary
*
Offline Offline

Activity: 931


EchoLinkInfo


View Profile WWW
September 22, 2014, 02:12:17 PM
 #12

Did anybody ever got restored his account or got a reply by theymos?
Can someone confirm this?
I'm just curious, cause I only read about pm's that get never answered Cool
greatwolf_
Jr. Member
*
Offline Offline

Activity: 41


View Profile WWW
September 22, 2014, 06:58:59 PM
 #13

It's 5 days later, I still haven't gotten so much as a reply or peep from theymos. I don't get what his deal is, I've followed the instructions as pointed out in his account recovery thread. I've verified the signed PM message through blockchain.info and https://brainwallet.github.io/#verify and they both check out.

I mean if there's something wrong shouldn't theymos at least get back to me on what that is? This whole ordeal is stupid and incredibly infuriating -- right now the only thing standing in the way between a hacker and your bct account is your password; there is no other defense to deter a hacker like having 2fa, confirming on email changes etc. like mentioned in my original post.

That being the case, I don't understand why their account recovery process is so piss poor.

Bitrated user: greatwolf.
greatwolf_
Jr. Member
*
Offline Offline

Activity: 41


View Profile WWW
October 03, 2014, 02:39:37 PM
 #14

I resent another msg to theymos on 9/26/14. Still no response as of this posting.

Bitrated user: greatwolf.
Tammy Chan
Hero Member
*****
Offline Offline

Activity: 821



View Profile
October 03, 2014, 02:46:09 PM
 #15

Still no response as of this posting.

For your information, theymos replied on reddit a few days ago regarding another more complicated recovery request (link: http://www.reddit.com/r/Bitcoin/comments/2hne0g/useraccounts_bitcointalkorg_not_like_other/ckugt4c), but there is something in common for all recovery requests.

Quote
Account recoveries are my lowest priority because they involve a ton of investigation, and you shouldn't lose your account in the first place. If my investigation is not thorough, I could end up accidentally "recovering" an account by giving it to a thief. But I don't often have hours of spare time to devote to such things, so I end up doing only a few account recoveries per month, and many requests get ignored. (I choose recent requests that look straightforward. For any forum business, if I ignored your past requests, resend it every couple of weeks and make it more clear/straightforward.)

greatwolf_
Jr. Member
*
Offline Offline

Activity: 41


View Profile WWW
November 14, 2014, 09:00:54 PM
 #16


For your information, theymos replied on reddit a few days ago regarding another more complicated recovery request (link: http://www.reddit.com/r/Bitcoin/comments/2hne0g/useraccounts_bitcointalkorg_not_like_other/ckugt4c), but there is something in common for all recovery requests.

Quote
Account recoveries are my lowest priority because they involve a ton of investigation, and you shouldn't lose your account in the first place. If my investigation is not thorough, I could end up accidentally "recovering" an account by giving it to a thief. But I don't often have hours of spare time to devote to such things, so I end up doing only a few account recoveries per month, and many requests get ignored. (I choose recent requests that look straightforward. For any forum business, if I ignored your past requests, resend it every couple of weeks and make it more clear/straightforward.)

Two responses to the above, firstly I think my case falls on the straightforward case since no one has stepped up to dispute my claim to my account. But then again, what does he even consider straightforward exactly? That sounds completely subjective and whatever mood he happens to be feeling. Why not delegate some of that task to other mods? They're trustworthy enough to do it and perfectly capable.

Secondly, why doesn't theymos secure BCT accounts better and make them harder to hack? Then there would be less account recovery request because less accounts are being hacked. Low-hanging fruits that come to mind:

  • Email confirmation on account creation
  • Email confirmation when changing vital account settings
  • 2FA

These aren't new ideas. See this thread for example.

Bitrated user: greatwolf.
Willisius
Sr. Member
****
Offline Offline

Activity: 364

I'm really quite sane!


View Profile
November 15, 2014, 05:30:02 AM
 #17


For your information, theymos replied on reddit a few days ago regarding another more complicated recovery request (link: http://www.reddit.com/r/Bitcoin/comments/2hne0g/useraccounts_bitcointalkorg_not_like_other/ckugt4c), but there is something in common for all recovery requests.

Quote
Account recoveries are my lowest priority because they involve a ton of investigation, and you shouldn't lose your account in the first place. If my investigation is not thorough, I could end up accidentally "recovering" an account by giving it to a thief. But I don't often have hours of spare time to devote to such things, so I end up doing only a few account recoveries per month, and many requests get ignored. (I choose recent requests that look straightforward. For any forum business, if I ignored your past requests, resend it every couple of weeks and make it more clear/straightforward.)

Two responses to the above, firstly I think my case falls on the straightforward case since no one has stepped up to dispute my claim to my account. But then again, what does he even consider straightforward exactly? That sounds completely subjective and whatever mood he happens to be feeling. Why not delegate some of that task to other mods? They're trustworthy enough to do it and perfectly capable.

Secondly, why doesn't theymos secure BCT accounts better and make them harder to hack? Then there would be less account recovery request because less accounts are being hacked. Low-hanging fruits that come to mind:

  • Email confirmation on account creation
  • Email confirmation when changing vital account settings
  • 2FA

These aren't new ideas. See this thread for example.
Email confirmation would not do anything to help secure accounts and the lack of email confirmation helps users maintain anonymity. Also if the forum were to get hacked and email addresses were to be exposed then the hacker would have a large list of email addresses they could use on a phishing attack or could try to hack the subject email addresses because they know they are associated with bitcoin.

If email confirmation is not necessary to register an account then requiring email confirmation to change certain account settings would not work as people could be using a fake email address.

2FA would be useful however it would be difficult to implement into SMF. Theymos has also said that the overwhelming majority of account hacks are the result of some kind of error on the user's part.     
peligro
Hero Member
*****
Offline Offline

Activity: 596


1NoBanksLuJPXf8Sc831fPqjrRpkQPKkEA


View Profile
November 15, 2014, 08:24:39 AM
 #18

I disagree, I think a simple email confirmation will add a lot of security. Only the password protecting the account is very insecure.

Recovery of hacked accounts should be a priority as they are soon sold off by newbie traders. Once they are with the buyers the job of the hackers is done.

█    █     ██    ███     ███    ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████     ███     ███    ██     █    █
..BREAKOUT COIN ..
  M U L T I C U R R E N C Y   S M A R T   C O N T R A C T S   +   S I D E C H A I N S
★     B I T C O I N T A L K   T H R E A D     |     W E B S I T E     |     T W I T T E R     |     G I T H U B     ★
.
█    █     ██    ███     ███    ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████     ███     ███    ██     █    █
greatwolf_
Jr. Member
*
Offline Offline

Activity: 41


View Profile WWW
February 04, 2015, 01:47:57 AM
 #19

bump

Bitrated user: greatwolf.
Grand_Voyageur
Sr. Member
****
Offline Offline

Activity: 322


https://dadice.com | Click my signature to join!


View Profile WWW
February 04, 2015, 05:59:27 AM
 #20

bump

Have you followed theymos' way to recover your account, the one provided here? If you cannot follow such a path, I suggest you to move on, learn the lesson to avoid repeating the mistake and start using a new account.
 Wink

███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
█   ⚂⚄⚀⚃⚅⚁    ██  d a d i c e  ██    Next Generation Dice Game
• Low 1% house edge. • Provably Fair.  
███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!