broc93
Newbie
Offline
Activity: 7
Merit: 0
|
|
July 12, 2015, 05:19:40 PM |
|
Has anybody seen this? They published all the emails and passwords of their users on the websiteAnd also here: http://pastebin.com/cZ7sy3Gr
|
|
|
|
|
|
|
|
|
"There should not be any signed int. If you've found a signed int
somewhere, please tell me (within the next 25 years please) and I'll
change it to unsigned int." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
n2004al
Legendary
Offline
Activity: 1134
Merit: 1000
|
|
July 12, 2015, 05:24:00 PM |
|
Must be a proof that the site was hacked and the hackers want to damage as much as they can cloudminr.
|
|
|
|
xeryan
Sr. Member
Offline
Activity: 337
Merit: 250
HTML5/Node.js/PHP developer
|
|
July 12, 2015, 05:30:53 PM |
|
Luckly I'm not the public list.
Plain text passwords.. really devs? It's so sad
|
|
|
|
broc93
Newbie
Offline
Activity: 7
Merit: 0
|
|
July 12, 2015, 05:31:43 PM |
|
Must be a proof that the site was hacked and the hackers want to damage as much as they can cloudminr. Maybe, or maybe they just want to earn more money from the scam by selling the data of their customers (should I say, victims?). They published 1k addresses and they sell all the database for 1BTC.
|
|
|
|
nodes
Newbie
Offline
Activity: 57
Merit: 0
|
|
July 12, 2015, 05:38:51 PM |
|
my email or ID is not there. I think its posted to cloudminr itself to make the story look real.
|
|
|
|
broc93
Newbie
Offline
Activity: 7
Merit: 0
|
|
July 12, 2015, 05:41:19 PM |
|
my email or ID is not there.
That's only part of the list, they're selling the complete list for 1BTC.
|
|
|
|
Aefan
Newbie
Offline
Activity: 23
Merit: 0
|
|
July 12, 2015, 05:45:44 PM |
|
I use Microsoft Security Essentials.. If this will not find anything, I'll download malwarebytes as you recommend, thanks.
never trust a single scanner. use a paid scanner with a good detection rate and malwarebytes as an additional "run when needed" scanner. malwarebytes is well known as a scanner with a high detection rate. you can upload suspicious files to virustotal and let them check the file with the most known scanner to be sure that nothing will undetected. my account is not in the list, too and i never use passwords for more than one website so not really a problem. they just need to reset all passwords and everyone is fine. but how legit is the list? could be old, fake, or just a way to legit the so called hack dont belive in it.
|
|
|
|
n2004al
Legendary
Offline
Activity: 1134
Merit: 1000
|
|
July 12, 2015, 05:46:19 PM |
|
my email or ID is not there. I think its posted to cloudminr itself to make the story look real. So you think that clodminr that sent every week 200-300 btc to its users it is selling their usernames and emails for only 1 btc. All this to have this big amount of 1 btc and to make the story seems real?
|
|
|
|
broc93
Newbie
Offline
Activity: 7
Merit: 0
|
|
July 12, 2015, 05:50:22 PM |
|
So you think that clodminr that sent every week 200-300 btc to its users it is selling their usernames and emails for only 1 btc. All this to have this big amount of 1 btc and to make the story seems real?
Nobody would keep passwords in plain text in their database if they have good intentions.
|
|
|
|
n2004al
Legendary
Offline
Activity: 1134
Merit: 1000
|
|
July 12, 2015, 05:56:09 PM |
|
So you think that clodminr that sent every week 200-300 btc to its users it is selling their usernames and emails for only 1 btc. All this to have this big amount of 1 btc and to make the story seems real?
Nobody would keep passwords in plain text in their database if they have good intentions. I don't see problems here. They can enter in every account even without the passwords. The passwords maybe serve for various verifications with the users. You are telling that they have planed the story of the hacking and the selling of passwords since the beginning?
|
|
|
|
broc93
Newbie
Offline
Activity: 7
Merit: 0
|
|
July 12, 2015, 06:00:51 PM |
|
So you think that clodminr that sent every week 200-300 btc to its users it is selling their usernames and emails for only 1 btc. All this to have this big amount of 1 btc and to make the story seems real?
Nobody would keep passwords in plain text in their database if they have good intentions. I don't see problems here. They can enter in every account even without the passwords. The passwords maybe serve for various verifications with the users. You are telling that they have planed the story of the hacking and the selling of passwords since the beginning? Of course they can access all the accounts without using a password. So why should you keep passwords visible? Everybody would encrypt them because why on Earth would you need them in plain text?
|
|
|
|
n2004al
Legendary
Offline
Activity: 1134
Merit: 1000
|
|
July 12, 2015, 06:06:28 PM |
|
So you think that clodminr that sent every week 200-300 btc to its users it is selling their usernames and emails for only 1 btc. All this to have this big amount of 1 btc and to make the story seems real?
Nobody would keep passwords in plain text in their database if they have good intentions. I don't see problems here. They can enter in every account even without the passwords. The passwords maybe serve for various verifications with the users. You are telling that they have planed the story of the hacking and the selling of passwords since the beginning? Of course they can access all the accounts without using a password. So why should you keep passwords visible? Everybody would encrypt them because why on Earth would you need them in plain text? I don't know this but what do you intend with this? Why are visible? The reason of this according to you.... Are visible to have those ready in order to sell them after the invented story of hacking?
|
|
|
|
|
xeryan
Sr. Member
Offline
Activity: 337
Merit: 250
HTML5/Node.js/PHP developer
|
|
July 12, 2015, 06:21:46 PM |
|
if cloudminr.io is scam, they seized large amounts
No this is a way to make us to think that they was hacked while instead they are scammers
|
|
|
|
wwwcuongit
Newbie
Offline
Activity: 11
Merit: 0
|
|
July 12, 2015, 06:40:51 PM |
|
|
|
|
|
|
n2004al
Legendary
Offline
Activity: 1134
Merit: 1000
|
|
July 12, 2015, 06:54:27 PM Last edit: July 13, 2015, 04:58:09 AM by n2004al |
|
To many strange things for being scammers. Normally (if scammers) they would hide themselves and not doing this things. All these actions make me think that they were really hacked and that the hackers want to stop their activity in any way.
|
|
|
|
Aefan
Newbie
Offline
Activity: 23
Merit: 0
|
|
July 12, 2015, 07:17:45 PM |
|
the funny thing is that they wrote if there is something on the website than we should not belive it and a few days after that, a list of accounts is on their address. that aren't hackers, just scammers. that was the plan from the beginning. steal money and make money with the accounts to get more and more money.
if really someone is beliving that this was an hack... sorry but than you are to stupid for this world.
normal developers will encrypt or hash passwords. a lot of websites don't do that. not because they want to make bad things with it but only they are not prepared for vulnerabilities on their site. but in this case there was a plan behind that. i'm sure.
that none of the admins replied to that list and discussion shows the intention behind that all.
|
|
|
|
Punggawa
Legendary
Offline
Activity: 1428
Merit: 1002
|
|
July 12, 2015, 07:23:15 PM |
|
what happened cloudminr? -= cloudminr.io users database for sale =- 1 BTC for 79,267 unencrypted user:email:password list. contact us on jabber at cmiodb@exploit.improof - first 1k users: check: http://cloudminr.io/
|
|
|
|
broc93
Newbie
Offline
Activity: 7
Merit: 0
|
|
July 12, 2015, 07:40:39 PM |
|
normal developers will encrypt or hash passwords. a lot of websites don't do that. not because they want to make bad things with it but only they are not prepared for vulnerabilities on their site. but in this case there was a plan behind that. i'm sure.
I have a website. It has 800 users but still, their passwords are hashed. You're dealing with cryptocurrencies and you don't encrypt the passwords of your users? You're a scammer and you want to use those passwords for other purposes, obviously.
|
|
|
|
|