Akka - Default trust account no longer hacked!

[hilariousandco]

Wasn't that guessing the dob exploit allegedly used to gain access to satoshis gmx account? It is interesting how many people are losing their accounts here via their email, especially when most don't have their address publicly displayed.

[Parazyd]

Wasn't that guessing the dob exploit allegedly used to gain access to satoshis gmx account? It is interesting how many people are losing their accounts here via their email, especially when most don't have their address publicly displayed.

Probably because the majority of members here use either gmx or gmail. And it's probably username@one-of-those.com
So it's not that hard to guess.

Note to self: Start an email server.

[Blazr]

Molecular, aren't you from Germany? So is Akka IIRC... Maybe some German Bitcoin website was hacked.

[MadZ]

I can confirm account Akka was hacked (I informed theymos right away, thanks for acting, theymos), I bet he had a gmx-address registered with the forum.

My gmx account has been repeatedly taken over (about 6-8 times) since around Dec 16th.

How did the hacker know your email address associated with your account? Was it publicly known prior?

I'm assuming he got it from the mtgox leak back in 2011 (or was it 2012?). It's very likely someone using gox in 2011 also has a btctalk account... and a valuable one at that

That's what I'd do if I had that exploit and was a black hat: take all gmx addresses from that leak and attack those dudes... there might be some bitcoins to be had.

I don't think Akka would be on the old mtgox leak, he signed up on bitcointalk in June 2012, the leak was way before that.

I heard a suspicious rumor that it was somehow possible in some cases to reset the password of GMX accounts by using the persons date of birth only. I haven't checked it out because I don't have an account there, but it might be a good idea to look into it. Regardless everyone should stop using GMX, they're obviously very incompetent.

Akka revealed his email in this post, they probably got it from there.

Machst du mit? Wenn ja: In welcher Stadt bis du? Wärst du bereit das ganze (wenn ja mit wie viel BTC etwa?) mit zu finanzieren? Wäre es OK wenn ich deinen Kontakt an andere aus deiner Stadt weitergebe, damit ich möglichst einen einzigen Ansprechpartner pro Stadt habe wenn es an die Verteilung geht?  (Als Nebeneffekt entstehen so vielleicht sogar ein paar lokale Bitcoin Communitys).
Falls du das nur liest und nicht im Forum bist, scheibe mir eine Mail: Ak-ka@gmx.net

[molecular]

I heard a suspicious rumor that it was somehow possible in some cases to reset the password of GMX accounts by using the persons date of birth only. I haven't checked it out because I don't have an account there, but it might be a good idea to look into it. Regardless everyone should stop using GMX, they're obviously very incompetent.

This whole story stinks. I don't belive in this "random dumb script kid hacks Satoshi Nakamotos email account" story at all.
There is someone simply trying to let us think Satoshi is still alive.

As far as I can see, you only need to know date of birth to reset a gmx email account password. Maybe he used the same DOB as in the p2pfoundation profile? Or maybe the kid found some way to automate it bypassing the CAPTCHA.

I just checked out the password reset procedure on gmx.de. It's possible to use the phone-number or alternate email address to reset pw. Nothing about date of birth.

When I tried to regain control of my gmx account in December, I called. They asked date of birth, but it wasn't enough. I had to email scans of my ID, which they only checked casually (I know because I called right afterwards and the guy said (paraphrasing): "ah, I see it's still valid, so that's ok, I'll send you reset-link"). So that's a possibility, although I doubt the exploit involveds a phone call.

Also noteworthy: after my account has been taken over (as said this happened 6-8 times in the last 3 weeks) and I regained access, website displayed many (100s, sometimes 1000s of failed login attempts). I'm not sure if imap/pop login failures count here (I have multiple imap clients polling frequently, so if pw is changed, they will fail login).

[molecular]

Note to self: Start an email server.

+1

I ran one in the 90s. Gave up at some point when it got harder to send emails via smtp around 2005 or so.

I'm reconsidering this now.

[molecular]

Molecular, aren't you from Germany? So is Akka IIRC... Maybe some German Bitcoin website was hacked.

Also ThomasV who also lost his gmx address is from germany.

gmx is a german email provider, so this is probably the cause for the amount of germans affected.

[fronti]

I know akka personaly and will give him a call that he can clearify the situation

[redsn0w]

Nice catch quickSeller , now is all resolved or not ?

[molecular]

Nice catch quickSeller , now is all resolved or not ?

except that the gaping pw reset vulnerability at gmx obviously still exists

[molecular]

I know akka personaly and will give him a call that he can clearify the situation

sehr gut, danke!

[redsn0w]

Nice catch quickSeller , now is all resolved or not ?

except that the gaping pw reset vulnerability at gmx obviously still exists

Oh that's bad , now I think no one will use gmx anymore. They are very incompetent.

[Akkahacked]

Thanks for the heads-up quickSeller.

My gmx account has indeed been hacked, or rather exploited, the password had been changed. With this the password of my BTCtalk account had been changed.

So gmx mail seems not to be save (i will formate my PC and change all my PWs anyway, just to be sure).

I apologize to all people that have been troubled by the hack and hope that no damage has been caused to anyone due to this.

[freedomno1]

Thanks for the heads-up quickSeller.

My gmx account has indeed been hacked, or rather exploited, the password had been changed. With this the password of my BTCtalk account had been changed.

So gmx mail seems not to be save (i will formate my PC and change all my PWs anyway, just to be sure).

I apologize to all people that have been troubled by the hack and hope that no damage has been caused to anyone due to this.

Just good to hear that your account is getting recovered before any real damage could be done
Nice to see this getting neatly resolved.

[molecular]

Thanks for the heads-up quickSeller.

My gmx account has indeed been hacked, or rather exploited, the password had been changed. With this the password of my BTCtalk account had been changed.

So gmx mail seems not to be save (i will formate my PC and change all my PWs anyway, just to be sure).

I apologize to all people that have been troubled by the hack and hope that no damage has been caused to anyone due to this.

Good to see you have been reached. Hope you can sort things out and get your original account back.

No need to apologize, it's not your fault. GMX is to blame.

and: No damage is not correct, at least not if we talk about the gmx exploit, not just the Akka takeover.

I for one spent countless hours migrating away from gmx and worrying about the next takeover. It's quite possible the attacker got some of my accounts where I used the gmx mail. He surely tried many and tried to steal coins from me. I have no doubt the 'hackers' made money off of this gmx exploit (WHICH STILL WORKS, I'm getting my pw changed every 2 days), even if it's just steam accounts. (See comments by binary32 here). Attacker tried to get my paypal, blockchain.info, bitcoin.de, bitstamp and numerous other accounts (I saw some pw reset emails, seems I interrupted his 'work'). Wouldn't be surprised if he had been successful with some of the other targets.

Also, ThomasV has lost his twitter account to this gmx exploit. He also lost other accounts but luckily was able to get them back.

Satoshi email hack was also likely due to the gmx exploit.

[molecular]

here...



someone selling a legendary bitcointalk account

[Quickseller]

here...



someone selling a legendary bitcointalk account

it is probably the spekulatius account https://bitcointalk.org/index.php?action=profile;u=37537

[molecular]

it is probably the spekulatius account https://bitcointalk.org/index.php?action=profile;u=37537

data matches. is spekulatius confirmed to have been taken?

[Quickseller]

it is probably the spekulatius account https://bitcointalk.org/index.php?action=profile;u=37537

data matches. is spekulatius confirmed to have been taken?

spoderman offered to sell it to me very shortly after its password was reset via email (see PM dump on page two of this thread) even though it hadn't posted in months. Someone also logged in to it yesterday but made no posts.

He refused to confirm that he was able to confirm ownership which leads me to believe that he cannot do so.

[redsn0w]

it is probably the spekulatius account https://bitcointalk.org/index.php?action=profile;u=37537

data matches. is spekulatius confirmed to have been taken?

spoderman offered to sell it to me very shortly after its password was reset via email (see PM dump on page two of this thread) even though it hadn't posted in months. Someone also logged in to it yesterday but made no posts.

He refused to confirm that he was able to confirm ownership which leads me to believe that he cannot do so.

His last post  was done the 07th of october , what do you think ? Is it an hacked  account (after sold it to another person)? Or just coincidences ?