Pages:
Author

Topic: Account hacked -- should I blame admins or not? - page 2. (Read 653 times)

legendary
Activity: 1946
Merit: 1427
Although i don't exactly agree with your proposal regarding the "confirm email" "problem", i do think that the forum can definitely improve on a number of things, and is HEAVILY lacking on certain features in comparison to other forums.

Its your fault that you didn't checked your inbox and lock your account at time.

Its your fault to not having the passwords secured.

Its your fault that not logging in for too long time.

Don't blame anyone because its your fault.
First of all provide link to your hacked account,then only someone can check the account is hacked or not.And also you can punish the hacked account by letting him a negative trust until your recover your account by sign in a message from the bitcoin address used.
Blablabla, the matter of fact here is simply that the forum's methods are heavily outdated. Other services would either never allow this to happen in the first place, or quickly recover the stolen account. Bitcointalk does neither.

Sure it was his fault, but do you seriously expect everyone to browse bitcointalk from an air-tight pc in some nuclear bunker? It's a forum for christs sake. There'll always be people/accounts getting hacked for various reasons.

hero member
Activity: 1806
Merit: 672
This is what was happening, the bitcointalk team was telling me that the email has changed. I mean, what happened to " Confirm that you are changing the email by clicking this option? Even a site that was built a day ago has that.
Why would you need this option? I mean clearly if you are not the one who have changed your email then you would only need the link provided in the email which lets you lock your account for recovery which they did. If you are asking for the "confirm that you are changing the email" option you are only giving the hackers a favor for you to fuck up your own account. I don't know why you are putting the blame to them as clearly your password has been obtained by someone from your computer, my advice is if you have any desktop wallets in your pc you should transfer the funds before nothing is left from your compromised pc.
legendary
Activity: 2814
Merit: 2472
https://JetCash.com
Requiring confirmation from the old email is not a good idea for the reason already mentioned.
Asking for password reentry to change the mail address would be good. If you have left your browser open where other people could have access to it, then it gives an extra measure of protection. Requiring a signed blockchain message for an email change could be a good way to stop this type of hijack.

Requiring email confirmation on signup is also good to help reduce spammers. It doesn't help in this case, but I believe it would be beneficial for the forum.

{reply crafted before the previous post was submitted}
member
Activity: 280
Merit: 14
You should at least post the link of the account in question so if your claims are concrete the account can be red tagged

And also the forum has a security measure that it is before an email can be changed in the forum the password to that account must be provided so who ever has your account provide your password.

You should also take part in the blame you must have lost your guard
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
It seems easy because its' happening to me- I will be saying the same thing when it happens to you.. Btw, not everyone is always in the email inbox, especially the personal ones, I spend most of my times in my work mails.

However, you have highlighted a very good point:
I will just make him suffer and not use the account to it full potential by giving him red trust
When you are spending most of the time with emails,why you didn't check it.I am just said because here no fault from the admins its just how the system works.

And also we have recover method for hacked accounts here : Recovering hacked accounts or accounts with lost passwords so you need to follow the instructions and wait patiently in the long queue.

legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
Quote
My point is, why don't they at least allow user to confirm that they are changing the email;
Because people, generally, set a new email address when they lose access to the old one, thus sending you an email to the old address asking for confirmation is kind of stupid.
With that being said, I think instead of sending a link to lock the account, they should give you the possibility to refuse the new changes and keep your old email address.
 
staff
Activity: 3304
Merit: 4115
My argument is based on the fact an email address was changed without letting the owner confirm it, it can be referred to as unauthorized change of ownership. In this case, everyone's account is at risk, including the admins.

This has never been in place, and by registering on the forum you don't even have to verify the email. If you had a problem with the security of the forum you could've brought it up. Many have, though. The new forum software will likely have some sort of 2fa authentication so there's that. However, no one really knows when that's going to drop.

That being said. Have you got a signed address? If you have you can start the recovery process, and in the mean time get DefaultTrust to tag it so it's basically useless to whoever hacked it.
member
Activity: 672
Merit: 29
What I can see on this thread is some big time quote abusers most especially the first individual that replied who had no reason what so ever to quote the OP whole post when he or she is directly under the post

Post quotation when abused can create an ugly scene especially when the guilty party do not really have something tangible to contribute
newbie
Activity: 16
Merit: 0
Honestly, I would say that my account wasn't secure, and it's not like I am blaming it on the administrators.

Well, your subject line says otherwise.

My point is, why don't they at least allow user to confirm that they are changing the email; you need to understand that change an email is unlike changing the password; changing an email is more like changing account ownership so you cannot do that without confirmations.

There are instances in which even the email addresses are being compromised by these hackers.

Also, maybe that change of email and change of password do cross line is some instances. Given that an email address is comprised, every relevant information (ie. accounts) are at risk and next to it is the changing of passwords. So that the original user will totally lose access to his/her account.




My argument is based on the fact an email address was changed without letting the owner confirm it, it can be referred to as unauthorized change of ownership. In this case, everyone's account is at risk, including the admins.
full member
Activity: 816
Merit: 133
Honestly, I would say that my account wasn't secure, and it's not like I am blaming it on the administrators.

Well, your subject line says otherwise.

My point is, why don't they at least allow user to confirm that they are changing the email; you need to understand that change an email is unlike changing the password; changing an email is more like changing account ownership so you cannot do that without confirmations.

There are instances in which even the email addresses are being compromised by these hackers.

Also, maybe that change of email and change of password do cross line is some instances. Given that an email address is comprised, every relevant information (ie. accounts) are at risk and next to it is the changing of passwords. So that the original user will totally lose access to his/her account.



newbie
Activity: 16
Merit: 0
Its your fault that you didn't checked your inbox and lock your account at time.

Its your fault to not having the passwords secured.

Its your fault that not logging in for too long time.

Don't blame anyone because its your fault.
First of all provide link to your hacked account,then only someone can check the account is hacked or not.And also you can punish the hacked account by letting him a negative trust until your recover your account by sign in a message from the bitcoin address used.
It seems easy because its' happening to me- I will be saying the same thing when it happens to you.. Btw, not everyone is always in the email inbox, especially the personal ones, I spend most of my times in my work mails.

However, you have highlighted a very good point:
I will just make him suffer and not use the account to it full potential by giving him red trust
newbie
Activity: 16
Merit: 0
I think it has nothing to do with the administrator or forum . It's the responsibility of the account owner to ensure the security of the account. I think it's probably because you didn't keep your account password properly. It's not because of security vulnerabilities in forum. Otherwise, hackers should steal a legendary account more profitable than a Sr account.
Honestly, I would say that my account wasn't secure, and it's not like I am blaming it on the administrators. My point is, why don't they at least allow user to confirm that they are changing the email; you need to understand that change an email is unlike changing the password; changing an email is more like changing account ownership so you cannot do that without confirmations.  if we had the option to let us confirm change that we are making changes through email, none of the users would have been experiencing this, but instead, they get an email informing them that the email has been changed, by who? remains unknown.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
Its your fault that you didn't checked your inbox and lock your account at time.

Its your fault to not having the passwords secured.

Its your fault that not logging in for too long time.

Don't blame anyone because its your fault.
First of all provide link to your hacked account,then only someone can check the account is hacked or not.And also you can punish the hacked account by letting him a negative trust until your recover your account by sign in a message from the bitcoin address used.
member
Activity: 61
Merit: 11
I think it has nothing to do with the administrator or forum . It's the responsibility of the account owner to ensure the security of the account. I think it's probably because you didn't keep your account password properly. It's not because of security vulnerabilities in forum. Otherwise, hackers should steal a legendary account more profitable than a Sr account.
newbie
Activity: 12
Merit: 0
Apparently, my account got hacked on the 1st November by the unknown hacker for unknown reasons.

First of all, my password was secure atleast with 3 capital letters, 6 numeric numbers and the rest was just small letters.

It came as a surprise when I tried logging just now, but I was unable due to the unknown hacker my account. The next move that anyone would take after, would be recovering the password using the email. Then again, the email was invalid.

Then I headed to bitcointalk search box and tried searching the account user name, it showed up and indicated that it was last active this morning, and proceed to show last posts and noticed that the new owner is making use of it by participating in signature campaigns and social media campaigns, and probably hacking some forum users. This individual is impersonating me and in a way ruining my reputation since I am not well aware what he uses the account for. 

Enough about that, let head over to the forum security now.

After I released that the account email and passwords were changed, I then headed to my mailbox, searched bitcointalk on the search box to find out what really happened, and guess what happen; this happened:
https://i.imgur.com/tEfWDCy.png

This is what was happening, the bitcointalk team was telling me that the email has changed. I mean, what happened to " Confirm that you are changing the email by clicking this option? Even a site that was built a day ago has that.

The admin should do a better job in securing the forum because at the moment, I don't consider it safe, how can users not confirm the emails addresses they are changing? instead, they get a notification inform them that the email changed whereas the user didn't change it. Sometimes, we take more than month without accessing the forum, so the 14 day notification doesn't do much- look at me now.

Now my Snr Member account is hacked, when will I rank as senior again since they have introduced this merit system?
Please do something about this, there have too may complain regarding hacked account.

This is my email looked before the hack - 1 November. Bitcointalk PMs:
https://i.imgur.com/zOisUw3.png
yeah, I know that feeling, not such a very good one. My account was once got hacked as well, I think you mentioned a very good point in the text above, because these hackers use the accounts do bad things such as hacking investors hardly earned money here on the forum and more.
newbie
Activity: 16
Merit: 0
Apparently, my account got hacked on the 1st November by the unknown hacker for unknown reasons.

First of all, my password was secure atleast with 3 capital letters, 6 numeric numbers and the rest was just small letters.

It came as a surprise when I tried logging just now, but I was unable due to the unknown hacker my account. The next move that anyone would take after, would be recovering the password using the email. Then again, the email was invalid.

Then I headed to bitcointalk search box and tried searching the account user name, it showed up and indicated that it was last active this morning, and proceed to show last posts and noticed that the new owner is making use of it by participating in signature campaigns and social media campaigns, and probably hacking some forum users. This individual is impersonating me and in a way ruining my reputation since I am not well aware what he uses the account for.  

Enough about that, let head over to the forum security now.

After I released that the account email and passwords were changed, I then headed to my mailbox, searched bitcointalk on the search box to find out what really happened, and guess what happen; this happened:
https://i.imgur.com/tEfWDCy.png

This is what was happening, the bitcointalk team was telling me that the email has changed. I mean, what happened to " Confirm that you are changing the email by clicking this option? Even a site that was built a day ago has that.

The admin should do a better job in securing the forum because at the moment, I don't consider it safe, how can users not confirm the emails addresses they are changing? instead, they get a notification inform them that the email changed whereas the user didn't change it. Sometimes, we take more than month without accessing the forum, so the 14 day notification doesn't do much- look at me now.

Now my Snr Member account is hacked, when will I rank as senior again since they have introduced this merit system?
Please do something about this, there have too may complain regarding hacked account.

This is my email looked before the hack - 1 November. Bitcointalk PMs:
https://i.imgur.com/zOisUw3.png
Pages:
Jump to: