ThomasV (OP)
December 10, 2014, 10:14:08 AM
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I am Thomas Voegtlin, main developer of the Electrum Bitcoin wallet.
On Dec. 6th, 2014, my GMX email account has been compromised and its password was reset. Using access to my GMX account, the attacker could obtain a password reset of my @ElectrumWallet Twitter account, and posted racist messages on it. I have since then regained control of my GMX email account, and I hope that the Twitter situation will get resolved soon.
The Electrum website, SSL certificate, Github account, were not affected by the attack, and the source code of Electrum was not modified.
At this point it is not known how my GMX account was compromised, so I will consider that email address as permanently compromised, even if I have regained access to the account. I will post more information once the situation is fully resolved.
Electrum: the convenience of a web wallet, without the risks

btcven
December 10, 2014, 12:03:14 PM
What a troll this 'hacker'.

ninjaboon
December 10, 2014, 12:50:15 PM
So it's still safe to use the Electrum wallet then?

EricKennedy
December 10, 2014, 02:31:57 PM
Of course it is safe to use Electrum. This hack didn't affect the wallet at all.

molecular
December 16, 2014, 11:19:52 PM
I'm starting to suspect some problem at gmx.
My gmx account password was changed on the 12th (not by me). I don't know how they did it and gmx isn't helping.
Regained access by sending credentials and shit to gmx.
Strangely, I couldn't find any traces of activity by the bad guy(s).
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769

molecular
December 31, 2014, 03:20:30 PM
my gmx password was changed again on 12/30 (wasn't me)
now, I was at CCC (German 'hacker' congress) and accidentally had wifi enabled on the first day. My K9 mail polls all my mail accounts regularly via IMAP. The settings of the gmx account were to use STARTTLS and 'normal password'. Since I'm assuming this is safe (assuming TLS > 1.0 is used and the 'normal password' is sent via TLS encrypted channel, correct me if I'm making wrong assumptions), I find it more likely that the "gmx password reset exploit" has been used again on me (see previous mail).
I now consider gmx to be incompetent and their service to be highly unsafe. I moved all of 22743 emails from their servers and will change the email on all important sites I used it on.

shorena
January 01, 2015, 12:19:03 AM
> my gmx password was changed again on 12/30 (wasn't me)
> now, I was at CCC (German 'hacker' congress) and accidentally had wifi enabled on the first day. My K9 mail polls all my mail accounts regularly via IMAP. The settings of the gmx account were to use STARTTLS and 'normal password'. Since I'm assuming this is safe (assuming TLS > 1.0 is used and the 'normal password' is sent via TLS encrypted channel, correct me if I'm making wrong assumptions), I find it more likely that the "gmx password reset exploit" has been used again on me (see previous mail).
> I now consider gmx to be incompetent and their service to be highly unsafe. I moved all of 22743 emails from their servers and will change the email on all important sites I used it on.

I saw plenty of people log into all kinds of accounts via WiFi on a broad variety of machines which included WinXP at 31c3 and I doubt there have been issues regarding this.
I'm not really here, it's just your imagination.

someguy123
January 01, 2015, 03:00:20 AM
Satoshi, ThomasV, and Molecular have all been affected by their GMX email being hacked? I think this is more than enough warning for those using GMX to migrate to a new mail provider ASAP, there's either a serious flaw in GMX, or someone inside of GMX is doing some dirty work against those known to use cryptocurrencies.

molecular
January 01, 2015, 03:00:30 AM
Last edit: January 01, 2015, 09:39:32 AM by molecular
> > my gmx password was changed again on 12/30 (wasn't me)
> > now, I was at CCC (German 'hacker' congress) and accidentally had wifi enabled on the first day. My K9 mail polls all my mail accounts regularly via IMAP. The settings of the gmx account were to use STARTTLS and 'normal password'. Since I'm assuming this is safe (assuming TLS > 1.0 is used and the 'normal password' is sent via TLS encrypted channel, correct me if I'm making wrong assumptions), I find it more likely that the "gmx password reset exploit" has been used again on me (see previous mail).
> > I now consider gmx to be incompetent and their service to be highly unsafe. I moved all of 22743 emails from their servers and will change the email on all important sites I used it on.
>
> I saw plenty of people log into all kinds of accounts via WiFi on a broad variety of machines which included WinXP at 31c3 and I doubt there have been issues regarding this.

yes, I think it's unrelated to my 31c3 visit. password got changed yet again.

molecular
January 01, 2015, 03:31:31 AM
> Satoshi, ThomasV, and Molecular have all been affected by their GMX email being hacked? I think this is more than enough warning for those using GMX to migrate to a new mail provider ASAP, there's either a serious flaw in GMX, or someone inside of GMX is doing some dirty work against those known to use cryptocurrencies.

I agree. I can only recommend staying away from gmx, at least for now. My best guess is some exploit on gmx that allows password reset.

molecular
January 08, 2015, 08:32:24 AM
someone is selling hacked gmx accounts and the gmx exploit to forum users. He's using account "Akka". more info: https://bitcointalk.org/index.php?topic=917636

ThomasV (OP)
January 23, 2015, 10:58:01 AM
update: I have finally regained access to the @ElectrumWallet Twitter account, and removed the racist posts.
I still do not know how my GMX email account was compromised, but apparently I was not the only one (Satoshi, molecular, bitbiz.io). I can only advise to stay away from GMX (as well as their variants: mail.com, etc)

molecular
January 23, 2015, 11:36:49 AM
Last edit: January 23, 2015, 07:13:53 PM by molecular
> update: I have finally regained access to the @ElectrumWallet Twitter account, and removed the racist posts.
> I still do not know how my GMX email account was compromised, but apparently I was not the only one (Satoshi, molecular, bitbiz.io). I can only advise to stay away from GMX (as well as their variants: mail.com, etc)

good to hear you've got the Twitter back. For anyone who wants more info about the gmx issue, check out the German thread "gmx accounts können gehackt werden?" (forum search disabled currently, so I can't find it). The one about account Akka being taken over due to gmx email also has more info, this time in English.

ThomasV (OP)
January 23, 2015, 01:51:20 PM
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Sorry, I should have signed this: Today is January 23, 2015, and I confirm that I have regained access to my @ElectrumWallet Twitter account.