Author

Topic: Account hacked -- should I blame admins or not? (Read 653 times)

newbie
Activity: 16
Merit: 0
February 06, 2019, 02:02:52 AM
#36
Apparently, my account got hacked on the 1st November by the unknown hacker for unknown reasons.

First of all, my password was secure atleast with 3 capital letters, 6 numeric numbers and the rest was just small letters.

It came as a surprise when I tried logging just now, but I was unable due to the unknown hacker my account. The next move that anyone would take after, would be recovering the password using the email. Then again, the email was invalid.

Then I headed to bitcointalk search box and tried searching the account user name, it showed up and indicated that it was last active this morning, and proceed to show last posts and noticed that the new owner is making use of it by participating in signature campaigns and social media campaigns, and probably hacking some forum users. This individual is impersonating me and in a way ruining my reputation since I am not well aware what he uses the account for. 

Enough about that, let head over to the forum security now.

After I released that the account email and passwords were changed, I then headed to my mailbox, searched bitcointalk on the search box to find out what really happened, and guess what happen; this happened:
https://i.imgur.com/tEfWDCy.png

This is what was happening, the bitcointalk team was telling me that the email has changed. I mean, what happened to " Confirm that you are changing the email by clicking this option? Even a site that was built a day ago has that.

The admin should do a better job in securing the forum because at the moment, I don't consider it safe, how can users not confirm the emails addresses they are changing? instead, they get a notification inform them that the email changed whereas the user didn't change it. Sometimes, we take more than month without accessing the forum, so the 14 day notification doesn't do much- look at me now.

Now my Snr Member account is hacked, when will I rank as senior again since they have introduced this merit system?
Please do something about this, there have too may complain regarding hacked account.

This is my email looked before the hack - 1 November. Bitcointalk PMs:
https://i.imgur.com/zOisUw3.png
The account was successfully recovered, thanks to the bitcointalk recovery department for doing a fantastic job. I tried deleting this thread but it was not possible, I will just lock it since no further comments will be accepted.. thanks for contributing
newbie
Activity: 16
Merit: 0
What you are saying is that the after you clicked on the lock account link, you never got access to your account ever again?

That is exactly what I'm saying. There's this system where you "stake" your bitcoin address, meaning you post it in a dedicated thread and with that you can prove ownership of the account, such a flawed thing. Nobody promotes that, until I got my account hacked I didn't even know that existed.

Nevremind that, I've proven my identity with an Ethereum address, but who the fuck cares? You can find my thread in my profile, it's one of the only ones I've started.

No, locking the account is just a preventive measure, this way you will be sure the hacker will be unable to use this account for frodulent activities (scamming other users, posting links to phishing websites/malwares...)

You can recover your account by proving it is yours. You can read more about how to do that here: Recovering hacked accounts or accounts with lost passwords
You have to be patient though  Grin

Except the mods don't really give a shit, unless you use their shitty "staking" system, which they tell you to use after your account gets hacked.. Even then, it's a matter of chance and praying to the mod gods or some shit..
I have signed the message using MEW, I hope they allow it and give me access back to my account:
Code:
{
  "address": "0x47c3b73c1ffa061ae4a37c553780e426f883860a",
  "msg": "My account has been hacked/lost. Please reset the email to . The current date is <10 January 2019>.\n-----BEGIN SIGNATURE-----\n<0x47c3b73c1fFa061aE4A37C553780e426F883860A>\n
-----END Ethereum SIGNED MESSAGE-----",
  "sig": "0xe89b163080156409be5fa1ceb2cdd8d5c01036558a18176e5939e2dde4deb739390f11951329c11194a76cf6522389453d3ce1aff0f416cbffa4ba1bbccd91c21c",
  "version": "3",
  "signer": "MEW"
}
1. Unedited posts:
https://docs.google.com/spreadsheets/d/19iXe4KB5eYYaurMOMN8cB9NnZC_zXzlOb6sFLvD_4_A/edit#gid=0
(User Number 158 registered on this campaign(VLB) was FrankNoland and I have registered using the signed MEW address). The same applies on the link below: https://docs.google.com/spreadsheets/d/1Eh7Rzyt9gr_f5GPdxFvGfA-7aogGAzBJ1OCtXT0TRyI/edit#gid=0 (User number 158)

newbie
Activity: 83
Merit: 0
What you are saying is that the after you clicked on the lock account link, you never got access to your account ever again?

That is exactly what I'm saying. There's this system where you "stake" your bitcoin address, meaning you post it in a dedicated thread and with that you can prove ownership of the account, such a flawed thing. Nobody promotes that, until I got my account hacked I didn't even know that existed.

Nevremind that, I've proven my identity with an Ethereum address, but who the fuck cares? You can find my thread in my profile, it's one of the only ones I've started.

No, locking the account is just a preventive measure, this way you will be sure the hacker will be unable to use this account for frodulent activities (scamming other users, posting links to phishing websites/malwares...)

You can recover your account by proving it is yours. You can read more about how to do that here: Recovering hacked accounts or accounts with lost passwords
You have to be patient though  Grin

Except the mods don't really give a shit, unless you use their shitty "staking" system, which they tell you to use after your account gets hacked.. Even then, it's a matter of chance and praying to the mod gods or some shit..
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
What you are saying is that the after you clicked on the lock account link, you never got access to your account ever again?
No, locking the account is just a preventive measure, this way you will be sure the hacker will be unable to use this account for frodulent activities (scamming other users, posting links to phishing websites/malwares...)

You can recover your account by proving it is yours. You can read more about how to do that here: Recovering hacked accounts or accounts with lost passwords
You have to be patient though  Grin
newbie
Activity: 16
Merit: 0
Yeah, you should blame the admins so your account won't be recovered and get ignored as long as you live. But even if you can get patient enough and wait until theymos for a year he doesn't even read a single word to your thread though.
It's been 5 months since my account was hacked. Did the mods help me recover it? No. Could I recover it if I didn't use their "lock this account" thingy? Yes, the email was changed to a yopmail address.
They tell me to lock my account if I didn't authorize the changes and then tell me you can't prove ownership of this account after I fucking proved it? Fuck that.

They don't give a fuck for us, what happened to BTCTalk 2.0? Supposedly, that was supposed to be better and more modern, I hope more secure, but that's dead now it seems.

Give me some security features, we need 2FA, especially in this crypto world.

Yes, blaming other doesn't help and I mainly blame myself for not securing my account better, but the mods are offering a feature that they're not willing to enforce, can't blame myself for that.
What you are saying is that the after you clicked on the lock account link, you never got access to your account ever again?
newbie
Activity: 83
Merit: 0
Yeah, you should blame the admins so your account won't be recovered and get ignored as long as you live. But even if you can get patient enough and wait until theymos for a year he doesn't even read a single word to your thread though.
It's been 5 months since my account was hacked. Did the mods help me recover it? No. Could I recover it if I didn't use their "lock this account" thingy? Yes, the email was changed to a yopmail address.
They tell me to lock my account if I didn't authorize the changes and then tell me you can't prove ownership of this account after I fucking proved it? Fuck that.

They don't give a fuck for us, what happened to BTCTalk 2.0? Supposedly, that was supposed to be better and more modern, I hope more secure, but that's dead now it seems.

Give me some security features, we need 2FA, especially in this crypto world.

Yes, blaming other doesn't help and I mainly blame myself for not securing my account better, but the mods are offering a feature that they're not willing to enforce, can't blame myself for that.
newbie
Activity: 16
Merit: 0
Requiring confirmation from the old email is not a good idea for the reason already mentioned.
Asking for password reentry to change the mail address would be good. If you have left your browser open where other people could have access to it, then it gives an extra measure of protection. Requiring a signed blockchain message for an email change could be a good way to stop this type of hijack.

Requiring email confirmation on signup is also good to help reduce spammers. It doesn't help in this case, but I believe it would be beneficial for the forum.

{reply crafted before the previous post was submitted}

Email confirmations don't help to reduce spammers (or just a little) since bots are usually coded to verify emails as well. But an email confirmation to authorize to change the email is more convenient. (And not after like it's currently) I know people say "what if they lost their email box access" Well you can't hold hands with everyone like you do with children.
That is a very great point you have highlighted right there, the admins should at least let us confirm that we are changing our email addresses, it's for the benefit of the forum.
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
Requiring confirmation from the old email is not a good idea for the reason already mentioned.
Asking for password reentry to change the mail address would be good. If you have left your browser open where other people could have access to it, then it gives an extra measure of protection. Requiring a signed blockchain message for an email change could be a good way to stop this type of hijack.

Requiring email confirmation on signup is also good to help reduce spammers. It doesn't help in this case, but I believe it would be beneficial for the forum.

{reply crafted before the previous post was submitted}

Email confirmations don't help to reduce spammers (or just a little) since bots are usually coded to verify emails as well. But an email confirmation to authorize to change the email is more convenient. (And not after like it's currently) I know people say "what if they lost their email box access" Well you can't hold hands with everyone like you do with children.
newbie
Activity: 16
Merit: 0
Apparently, my account got hacked on the 1st November by the unknown hacker for unknown reasons.

First of all, my password was secure atleast with 3 capital letters, 6 numeric numbers and the rest was just small letters.

It came as a surprise when I tried logging just now, but I was unable due to the unknown hacker my account. The next move that anyone would take after, would be recovering the password using the email. Then again, the email was invalid.

Then I headed to bitcointalk search box and tried searching the account user name, it showed up and indicated that it was last active this morning, and proceed to show last posts and noticed that the new owner is making use of it by participating in signature campaigns and social media campaigns, and probably hacking some forum users. This individual is impersonating me and in a way ruining my reputation since I am not well aware what he uses the account for. 

Enough about that, let head over to the forum security now.

After I released that the account email and passwords were changed, I then headed to my mailbox, searched bitcointalk on the search box to find out what really happened, and guess what happen; this happened:
https://i.imgur.com/tEfWDCy.png

This is what was happening, the bitcointalk team was telling me that the email has changed. I mean, what happened to " Confirm that you are changing the email by clicking this option? Even a site that was built a day ago has that.

The admin should do a better job in securing the forum because at the moment, I don't consider it safe, how can users not confirm the emails addresses they are changing? instead, they get a notification inform them that the email changed whereas the user didn't change it. Sometimes, we take more than month without accessing the forum, so the 14 day notification doesn't do much- look at me now.

Now my Snr Member account is hacked, when will I rank as senior again since they have introduced this merit system?
Please do something about this, there have too may complain regarding hacked account.

This is my email looked before the hack - 1 November. Bitcointalk PMs:
https://i.imgur.com/zOisUw3.png

You should definitely blame the admins, as do I. My account was hacked this summer, it had a secure password, but this forum is not secure at all, there's no email confirmation about changing the email address, no 2FA and what grinds mt gears is "If this change wasn't made by you, lock your account".

I clicked that link, and now both the hacker and I are locked out of my account, I had a thread active for more than a month, a few high ranking members verified that I'm genuine, but no, the admins don't give a fuck.

It took me more than a year to rise that account from the ground, 750+ posts and 101 merit, that is not easy to attain right now.
My point exactly, thank you for highlighting it, you and I have one thing in common, which is feeling that the forum isn't secure enough. The  admin should do something about this issue or their accounts will follow as well. It takes years to grow an account, especially with this merit system, and it sucks to see accounts being deprived from original users whereas the admin don't give a damn, they don't even bother responding to our messages, I find it somehow unproffessional, but its their choice.

Yeah, you should blame the admins so your account won't be recovered and get ignored as long as you live. But even if you can get patient enough and wait until theymos for a year he doesn't even read a single word to your thread though.
Whats the use of having admins if they can't even recover a simple account, what they do is ignore users messages, and it's not doing anything but harm to this forum.

Most likely your account didn't get hacked. It is far more likely that your password got phished by visiting one of the several clone phishing sites.
You will never know buddy and I am not arguing with your statement, but I have also installed, metamask, metacert and alot more to ensure a secure browser. However, even if that might have been the case, users should atleast be informed when an intruder is accessing their account and change the email and password, especially from an unathorised IP address.

legendary
Activity: 1288
Merit: 1926
฿ear ride on the rainbow slide
Most likely your account didn't get hacked. It is far more likely that your password got phished by visiting one of the several clone phishing sites.
newbie
Activity: 83
Merit: 0
Apparently, my account got hacked on the 1st November by the unknown hacker for unknown reasons.

First of all, my password was secure atleast with 3 capital letters, 6 numeric numbers and the rest was just small letters.

It came as a surprise when I tried logging just now, but I was unable due to the unknown hacker my account. The next move that anyone would take after, would be recovering the password using the email. Then again, the email was invalid.

Then I headed to bitcointalk search box and tried searching the account user name, it showed up and indicated that it was last active this morning, and proceed to show last posts and noticed that the new owner is making use of it by participating in signature campaigns and social media campaigns, and probably hacking some forum users. This individual is impersonating me and in a way ruining my reputation since I am not well aware what he uses the account for. 

Enough about that, let head over to the forum security now.

After I released that the account email and passwords were changed, I then headed to my mailbox, searched bitcointalk on the search box to find out what really happened, and guess what happen; this happened:
https://i.imgur.com/tEfWDCy.png

This is what was happening, the bitcointalk team was telling me that the email has changed. I mean, what happened to " Confirm that you are changing the email by clicking this option? Even a site that was built a day ago has that.

The admin should do a better job in securing the forum because at the moment, I don't consider it safe, how can users not confirm the emails addresses they are changing? instead, they get a notification inform them that the email changed whereas the user didn't change it. Sometimes, we take more than month without accessing the forum, so the 14 day notification doesn't do much- look at me now.

Now my Snr Member account is hacked, when will I rank as senior again since they have introduced this merit system?
Please do something about this, there have too may complain regarding hacked account.

This is my email looked before the hack - 1 November. Bitcointalk PMs:
https://i.imgur.com/zOisUw3.png

You should definitely blame the admins, as do I. My account was hacked this summer, it had a secure password, but this forum is not secure at all, there's no email confirmation about changing the email address, no 2FA and what grinds mt gears is "If this change wasn't made by you, lock your account".

I clicked that link, and now both the hacker and I are locked out of my account, I had a thread active for more than a month, a few high ranking members verified that I'm genuine, but no, the admins don't give a fuck.

It took me more than a year to rise that account from the ground, 750+ posts and 101 merit, that is not easy to attain right now.
newbie
Activity: 16
Merit: 0
The account is hacked not banned

Account 'FrankNoland' was banned on the 7th December 2018, as you can see on bpip.org.

https://i.imgur.com/lUCeMdi.png


The last owner of the profile 'FrankNoland' also said about it.

Hello. Today my BTT account was blocked, I didn’t break anything, why was my account blocked? thanks for the answer

https://bitcointalksearch.org/user/franknoland-1000883 (FrankNoland)
Thanks for that, and it looks like it was locked a day after I realized that it was being hacked. I think this user is the one that hacked the account and changed the email and password:
https://bitcointalksearch.org/user/vladimirkuznecov888-2499248. And continued to create this thread acting and pretending to be innocent: https://bitcointalksearch.org/topic/m.48511454 whereas he knows very well that he hacked the account.. I rated his trust that he hacked it, I hope to recover it since it has some sensitive information in it.
legendary
Activity: 1484
Merit: 1655
Rêlêå§ê ¥ðµr MïñÐ
The account is hacked not banned

Account 'FrankNoland' was banned on the 7th December 2018, as you can see on bpip.org.




The last owner of the profile 'FrankNoland' also said about it.

Hello. Today my BTT account was blocked, I didn’t break anything, why was my account blocked? thanks for the answer

https://bitcointalksearch.org/user/franknoland-1000883 (FrankNoland)
newbie
Activity: 16
Merit: 0
When I said you are naive , there is a reason.Look  how badly you mixed all the quoting in above post. (https://archive.is/72Chr)

Coming back to your questions in that post.
1. Which account is banned?

Your account is banned that you are talking  in previous posts

You can check in bpip : https://bpip.org/profile.aspx?p=FrankNoland


2.I hope you got paid to write that, what a bad joke it was

I think you got worst joke, hacked + banned account.

The account is hacked not banned
sr. member
Activity: 742
Merit: 395
I am alive but in hibernation.
When I said you are naive , there is a reason.Look  how badly you mixed all the quoting in above post. (https://archive.is/72Chr)

Coming back to your questions in that post.
1. Which account is banned?

Your account is banned that you are talking  in previous posts

You can check in bpip : https://bpip.org/profile.aspx?p=FrankNoland


2.I hope you got paid to write that, what a bad joke it was

I think you got worst joke, hacked + banned account.
newbie
Activity: 16
Merit: 0
@OP.
Now my Snr Member account is hacked, when will I rank as senior again since they have introduced this merit system?


Quote
Since you gained 3 merits in a year, it will take you 250/3 years that will be approximately 80 years.

I hope you got paid to write that, what a bad joke it was Roll Eyes

My argument is based on the fact an email address was changed without letting the owner confirm it, it can be referred to as unauthorized change of ownership. In this case, everyone's account is at risk, including the admins.

Nopes, If admin think,hacking of account is so easy then he is not openly giving 1 troy once of gold for finding the email address of default trust account.

- 1 XAU: Find the email address of user DefaultTrust and explain in detail how you did it.
Huh

sr. member
Activity: 742
Merit: 395
I am alive but in hibernation.
@OP.
Account is banned too. So it does not make any sense to red trust it.

But you look quite a naive in this forum.
1. posting multiple comment in a row in thread.
2. not able to secure your account.
3. Did not provided any concrete proof that hacked/banned account belonged to you.
  (concrete proof means signing the message from the address that was posted from that account in this forum)

Now my Snr Member account is hacked, when will I rank as senior again since they have introduced this merit system?


Since you gained 3 merits in a year, it will take you 250/3 years that will be approximately 80 years.


My argument is based on the fact an email address was changed without letting the owner confirm it, it can be referred to as unauthorized change of ownership. In this case, everyone's account is at risk, including the admins.

Nopes, If admin think,hacking of account is so easy then he is not openly giving 1 troy once of gold for finding the email address of default trust account.

- 1 XAU: Find the email address of user DefaultTrust and explain in detail how you did it.



newbie
Activity: 16
Merit: 0
This is what was happening, the bitcointalk team was telling me that the email has changed. I mean, what happened to " Confirm that you are changing the email by clicking this option? Even a site that was built a day ago has that.
Why would you need this option? I mean clearly if you are not the one who have changed your email then you would only need the link provided in the email which lets you lock your account for recovery which they did. If you are asking for the "confirm that you are changing the email" option you are only giving the hackers a favor for you to fuck up your own account. I don't know why you are putting the blame to them as clearly your password has been obtained by someone from your computer, my advice is if you have any desktop wallets in your pc you should transfer the funds before nothing is left from your compromised pc.
What is  this discussion about? Please stop asking the obvious. They would need option because user accounts are getting hacked by other users. If user accounts just get hacked like that then this means that something should be done security wise for the sake of the forum reputation and safety of the users. 
Although i don't exactly agree with your proposal regarding the "confirm email" "problem", i do think that the forum can definitely improve on a number of things, and is HEAVILY lacking on certain features in comparison to other forums.
My point exactly, there is always a room for improvements. Lets just wait for the new forum software, probably it will have a lot more to offer. Probably the number of hacked accounts and other security vulnerabilities will decrease due to the new forum software.
newbie
Activity: 16
Merit: 0
It seems easy because its' happening to me- I will be saying the same thing when it happens to you.. Btw, not everyone is always in the email inbox, especially the personal ones, I spend most of my times in my work mails.

However, you have highlighted a very good point:
I will just make him suffer and not use the account to it full potential by giving him red trust
When you are spending most of the time with emails,why you didn't check it.I am just said because here no fault from the admins its just how the system works.

And also we have recover method for hacked accounts here : Recovering hacked accounts or accounts with lost passwords so you need to follow the instructions and wait patiently in the long queue.


Probably, the reason why I wasn't always in my mailbox was only because I never thought I will through this, I thought this forum was somehow similar to other forums in term of security and notify users of anything suspicious happening around their account through the email they have registered with. Security is a priority for every platform, I am assuming that you know that by now.

You should at least post the link of the account in question so if your claims are concrete the account can be red tagged

And also the forum has a security measure that it is before an email can be changed in the forum the password to that account must be provided so who ever has your account provide your password.

You should also take part in the blame you must have lost your guard
Here is the link to the account; I was previously a campaign manager for some projects and I am afraid that if the hacker uses the account to do bad things, this might somehow affect the projects I previously managed and investors might associate the projects with fraudulent activities whereas they are not.

He is the link to the account: https://bitcointalksearch.org/user/franknoland-1000883
you can also help in painting it red, but I will ask whoever rated it to change the trust if I manage to recover it.

Requiring confirmation from the old email is not a good idea for the reason already mentioned.
Asking for password reentry to change the mail address would be good. If you have left your browser open where other people could have access to it, then it gives an extra measure of protection. Requiring a signed blockchain message for an email change could be a good way to stop this type of hijack.

Requiring email confirmation on signup is also good to help reduce spammers. It doesn't help in this case, but I believe it would be beneficial for the forum.

{reply crafted before the previous post was submitted}
As previously mentioned, security is a priority. Some accounts here in the forum are more reputable than others, you seen this before hopefully. However, the level of security is similar. Projects, organizations and individuals create accounts here on the forum and obtain all the trust they need from their investors. Think of it this way, what do you think will happen if for instance, a hacker hacks Vitalik's account and start scamming people? What do you will happen to their Ethereum reputition.

I don't think that password re-entry is such a great idea the reason being that if the hacker had access to the password in the first place, they can use it again in the future or even change it. Admins just need to come up with more secure measures, but as we have previously read in the previous comments that the 2FA is being integrated with the new software and email confirmations. I guess that's unlike nothing.
newbie
Activity: 16
Merit: 0
What I can see on this thread is some big time quote abusers most especially the first individual that replied who had no reason what so ever to quote the OP whole post when he or she is directly under the post

Post quotation when abused can create an ugly scene especially when the guilty party do not really have something tangible to contribute
what is this all about? you are out of context

My argument is based on the fact an email address was changed without letting the owner confirm it, it can be referred to as unauthorized change of ownership. In this case, everyone's account is at risk, including the admins.

This has never been in place, and by registering on the forum you don't even have to verify the email. If you had a problem with the security of the forum you could've brought it up. Many have, though. The new forum software will likely have some sort of 2fa authentication so there's that. However, no one really knows when that's going to drop.

That being said. Have you got a signed address? If you have you can start the recovery process, and in the mean time get DefaultTrust to tag it so it's basically useless to whoever hacked it.
It would be cool to have the updated software since the current one seem to be somehow outdated. Some 2fa will do good, since now the hacker is impersonating me, and if he hacks anyone or do something bad, people will assume that it was me although I was innocent.

Other than, thank you for the input Smiley appreciated

Quote
My point is, why don't they at least allow user to confirm that they are changing the email;
Because people, generally, set a new email address when they lose access to the old one, thus sending you an email to the old address asking for confirmation is kind of stupid.
With that being said, I think instead of sending a link to lock the account, they should give you the possibility to refuse the new changes and keep your old email address.
 
I think there is something you are missing, when I created an account using my email, i signed for ownership of the account. If the email is being changed without me knowing, then it mean that there was change of ownership without the real owner concern, which can percieved unfair since the account was just deprived from him by the unknown user or hacker.

We change email address for many different reasons, so since the admins are not aware of the reason why I am changing the email, they shouldn't just assume it's the owner making changes, rather come up with safety or secure measures to avoid this in the future. This is only the beginning, it's only a matter of time until they hack an admins account, how is different to ours security wise?
Think of it like this, if they can hack mine, then surely the can hack yours.
legendary
Activity: 1946
Merit: 1427
Although i don't exactly agree with your proposal regarding the "confirm email" "problem", i do think that the forum can definitely improve on a number of things, and is HEAVILY lacking on certain features in comparison to other forums.

Its your fault that you didn't checked your inbox and lock your account at time.

Its your fault to not having the passwords secured.

Its your fault that not logging in for too long time.

Don't blame anyone because its your fault.
First of all provide link to your hacked account,then only someone can check the account is hacked or not.And also you can punish the hacked account by letting him a negative trust until your recover your account by sign in a message from the bitcoin address used.
Blablabla, the matter of fact here is simply that the forum's methods are heavily outdated. Other services would either never allow this to happen in the first place, or quickly recover the stolen account. Bitcointalk does neither.

Sure it was his fault, but do you seriously expect everyone to browse bitcointalk from an air-tight pc in some nuclear bunker? It's a forum for christs sake. There'll always be people/accounts getting hacked for various reasons.

hero member
Activity: 1806
Merit: 672
This is what was happening, the bitcointalk team was telling me that the email has changed. I mean, what happened to " Confirm that you are changing the email by clicking this option? Even a site that was built a day ago has that.
Why would you need this option? I mean clearly if you are not the one who have changed your email then you would only need the link provided in the email which lets you lock your account for recovery which they did. If you are asking for the "confirm that you are changing the email" option you are only giving the hackers a favor for you to fuck up your own account. I don't know why you are putting the blame to them as clearly your password has been obtained by someone from your computer, my advice is if you have any desktop wallets in your pc you should transfer the funds before nothing is left from your compromised pc.
legendary
Activity: 2814
Merit: 2472
https://JetCash.com
Requiring confirmation from the old email is not a good idea for the reason already mentioned.
Asking for password reentry to change the mail address would be good. If you have left your browser open where other people could have access to it, then it gives an extra measure of protection. Requiring a signed blockchain message for an email change could be a good way to stop this type of hijack.

Requiring email confirmation on signup is also good to help reduce spammers. It doesn't help in this case, but I believe it would be beneficial for the forum.

{reply crafted before the previous post was submitted}
member
Activity: 280
Merit: 14
You should at least post the link of the account in question so if your claims are concrete the account can be red tagged

And also the forum has a security measure that it is before an email can be changed in the forum the password to that account must be provided so who ever has your account provide your password.

You should also take part in the blame you must have lost your guard
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
It seems easy because its' happening to me- I will be saying the same thing when it happens to you.. Btw, not everyone is always in the email inbox, especially the personal ones, I spend most of my times in my work mails.

However, you have highlighted a very good point:
I will just make him suffer and not use the account to it full potential by giving him red trust
When you are spending most of the time with emails,why you didn't check it.I am just said because here no fault from the admins its just how the system works.

And also we have recover method for hacked accounts here : Recovering hacked accounts or accounts with lost passwords so you need to follow the instructions and wait patiently in the long queue.

legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
Quote
My point is, why don't they at least allow user to confirm that they are changing the email;
Because people, generally, set a new email address when they lose access to the old one, thus sending you an email to the old address asking for confirmation is kind of stupid.
With that being said, I think instead of sending a link to lock the account, they should give you the possibility to refuse the new changes and keep your old email address.
 
staff
Activity: 3304
Merit: 4115
My argument is based on the fact an email address was changed without letting the owner confirm it, it can be referred to as unauthorized change of ownership. In this case, everyone's account is at risk, including the admins.

This has never been in place, and by registering on the forum you don't even have to verify the email. If you had a problem with the security of the forum you could've brought it up. Many have, though. The new forum software will likely have some sort of 2fa authentication so there's that. However, no one really knows when that's going to drop.

That being said. Have you got a signed address? If you have you can start the recovery process, and in the mean time get DefaultTrust to tag it so it's basically useless to whoever hacked it.
member
Activity: 672
Merit: 29
What I can see on this thread is some big time quote abusers most especially the first individual that replied who had no reason what so ever to quote the OP whole post when he or she is directly under the post

Post quotation when abused can create an ugly scene especially when the guilty party do not really have something tangible to contribute
newbie
Activity: 16
Merit: 0
Honestly, I would say that my account wasn't secure, and it's not like I am blaming it on the administrators.

Well, your subject line says otherwise.

My point is, why don't they at least allow user to confirm that they are changing the email; you need to understand that change an email is unlike changing the password; changing an email is more like changing account ownership so you cannot do that without confirmations.

There are instances in which even the email addresses are being compromised by these hackers.

Also, maybe that change of email and change of password do cross line is some instances. Given that an email address is comprised, every relevant information (ie. accounts) are at risk and next to it is the changing of passwords. So that the original user will totally lose access to his/her account.




My argument is based on the fact an email address was changed without letting the owner confirm it, it can be referred to as unauthorized change of ownership. In this case, everyone's account is at risk, including the admins.
full member
Activity: 816
Merit: 133
Honestly, I would say that my account wasn't secure, and it's not like I am blaming it on the administrators.

Well, your subject line says otherwise.

My point is, why don't they at least allow user to confirm that they are changing the email; you need to understand that change an email is unlike changing the password; changing an email is more like changing account ownership so you cannot do that without confirmations.

There are instances in which even the email addresses are being compromised by these hackers.

Also, maybe that change of email and change of password do cross line is some instances. Given that an email address is comprised, every relevant information (ie. accounts) are at risk and next to it is the changing of passwords. So that the original user will totally lose access to his/her account.



newbie
Activity: 16
Merit: 0
Its your fault that you didn't checked your inbox and lock your account at time.

Its your fault to not having the passwords secured.

Its your fault that not logging in for too long time.

Don't blame anyone because its your fault.
First of all provide link to your hacked account,then only someone can check the account is hacked or not.And also you can punish the hacked account by letting him a negative trust until your recover your account by sign in a message from the bitcoin address used.
It seems easy because its' happening to me- I will be saying the same thing when it happens to you.. Btw, not everyone is always in the email inbox, especially the personal ones, I spend most of my times in my work mails.

However, you have highlighted a very good point:
I will just make him suffer and not use the account to it full potential by giving him red trust
newbie
Activity: 16
Merit: 0
I think it has nothing to do with the administrator or forum . It's the responsibility of the account owner to ensure the security of the account. I think it's probably because you didn't keep your account password properly. It's not because of security vulnerabilities in forum. Otherwise, hackers should steal a legendary account more profitable than a Sr account.
Honestly, I would say that my account wasn't secure, and it's not like I am blaming it on the administrators. My point is, why don't they at least allow user to confirm that they are changing the email; you need to understand that change an email is unlike changing the password; changing an email is more like changing account ownership so you cannot do that without confirmations.  if we had the option to let us confirm change that we are making changes through email, none of the users would have been experiencing this, but instead, they get an email informing them that the email has been changed, by who? remains unknown.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
Its your fault that you didn't checked your inbox and lock your account at time.

Its your fault to not having the passwords secured.

Its your fault that not logging in for too long time.

Don't blame anyone because its your fault.
First of all provide link to your hacked account,then only someone can check the account is hacked or not.And also you can punish the hacked account by letting him a negative trust until your recover your account by sign in a message from the bitcoin address used.
member
Activity: 61
Merit: 11
I think it has nothing to do with the administrator or forum . It's the responsibility of the account owner to ensure the security of the account. I think it's probably because you didn't keep your account password properly. It's not because of security vulnerabilities in forum. Otherwise, hackers should steal a legendary account more profitable than a Sr account.
newbie
Activity: 12
Merit: 0
Apparently, my account got hacked on the 1st November by the unknown hacker for unknown reasons.

First of all, my password was secure atleast with 3 capital letters, 6 numeric numbers and the rest was just small letters.

It came as a surprise when I tried logging just now, but I was unable due to the unknown hacker my account. The next move that anyone would take after, would be recovering the password using the email. Then again, the email was invalid.

Then I headed to bitcointalk search box and tried searching the account user name, it showed up and indicated that it was last active this morning, and proceed to show last posts and noticed that the new owner is making use of it by participating in signature campaigns and social media campaigns, and probably hacking some forum users. This individual is impersonating me and in a way ruining my reputation since I am not well aware what he uses the account for. 

Enough about that, let head over to the forum security now.

After I released that the account email and passwords were changed, I then headed to my mailbox, searched bitcointalk on the search box to find out what really happened, and guess what happen; this happened:
https://i.imgur.com/tEfWDCy.png

This is what was happening, the bitcointalk team was telling me that the email has changed. I mean, what happened to " Confirm that you are changing the email by clicking this option? Even a site that was built a day ago has that.

The admin should do a better job in securing the forum because at the moment, I don't consider it safe, how can users not confirm the emails addresses they are changing? instead, they get a notification inform them that the email changed whereas the user didn't change it. Sometimes, we take more than month without accessing the forum, so the 14 day notification doesn't do much- look at me now.

Now my Snr Member account is hacked, when will I rank as senior again since they have introduced this merit system?
Please do something about this, there have too may complain regarding hacked account.

This is my email looked before the hack - 1 November. Bitcointalk PMs:
https://i.imgur.com/zOisUw3.png
yeah, I know that feeling, not such a very good one. My account was once got hacked as well, I think you mentioned a very good point in the text above, because these hackers use the accounts do bad things such as hacking investors hardly earned money here on the forum and more.
newbie
Activity: 16
Merit: 0
Apparently, my account got hacked on the 1st November by the unknown hacker for unknown reasons.

First of all, my password was secure atleast with 3 capital letters, 6 numeric numbers and the rest was just small letters.

It came as a surprise when I tried logging just now, but I was unable due to the unknown hacker my account. The next move that anyone would take after, would be recovering the password using the email. Then again, the email was invalid.

Then I headed to bitcointalk search box and tried searching the account user name, it showed up and indicated that it was last active this morning, and proceed to show last posts and noticed that the new owner is making use of it by participating in signature campaigns and social media campaigns, and probably hacking some forum users. This individual is impersonating me and in a way ruining my reputation since I am not well aware what he uses the account for.  

Enough about that, let head over to the forum security now.

After I released that the account email and passwords were changed, I then headed to my mailbox, searched bitcointalk on the search box to find out what really happened, and guess what happen; this happened:
https://i.imgur.com/tEfWDCy.png

This is what was happening, the bitcointalk team was telling me that the email has changed. I mean, what happened to " Confirm that you are changing the email by clicking this option? Even a site that was built a day ago has that.

The admin should do a better job in securing the forum because at the moment, I don't consider it safe, how can users not confirm the emails addresses they are changing? instead, they get a notification inform them that the email changed whereas the user didn't change it. Sometimes, we take more than month without accessing the forum, so the 14 day notification doesn't do much- look at me now.

Now my Snr Member account is hacked, when will I rank as senior again since they have introduced this merit system?
Please do something about this, there have too may complain regarding hacked account.

This is my email looked before the hack - 1 November. Bitcointalk PMs:
https://i.imgur.com/zOisUw3.png
Jump to: