
Topic: Account Hacking An Inside Job? - page 3. (Read 1956 times)

member
Activity: 420
Merit: 13
October 15, 2017, 02:48:35 AM
#18
Way to leave out this very important quote:

Nah, the guy who has run the site for 8ish years is probably behind it all. Hell, if I was Theymos and my reputation alone worth easily in excess of a few thousand bitcoins was on the line, I'd trade it all away for an account worth $16.53 as decided by an unaffiliated bot driven account pricer tool. I'd then take the risk that the gaggle of crypto junkies here that wrote bots to analyze people's typing patterns because they were bored last Tuesday morning wouldn't stumble across anything incriminating

The BCT DB was leaked sometime after you created your Dorky account and hence someone could have infiltrated your account, given that you had a sufficiently weak password. So... not an inside job. And it wouldn't matter that your password wasn't found on any other site.

And supposing that the account was sold for 0.3 - 0.5 BTC, I'm assuming that it was some time before 2017, where the price would be sub-500 for the account. There is no way that it would have been sold for such a ridiculously high amount post-2017.

I would like to have some explanation on why using email confirmation as a security measure is actually weak and unjustified, thus remain unused by Bitcointalk forum, despite it being so widely used by other websites.
copper member
Activity: 2562
Merit: 2510
Spear the bees
October 15, 2017, 12:37:31 AM
#17
You are making a lot of assumptions.... 4 in total.

-snip-

Your sarcasm is invalid, even if it is honest.
Way to leave out this very important quote:

Nah, the guy who has run the site for 8ish years is probably behind it all. Hell, if I was Theymos and my reputation alone worth easily in excess of a few thousand bitcoins was on the line, I'd trade it all away for an account worth $16.53 as decided by an unaffiliated bot driven account pricer tool. I'd then take the risk that the gaggle of crypto junkies here that wrote bots to analyze people's typing patterns because they were bored last Tuesday morning wouldn't stumble across anything incriminating

The BCT DB was leaked sometime after you created your Dorky account and hence someone could have infiltrated your account, given that you had a sufficiently weak password. So... not an inside job. And it wouldn't matter that your password wasn't found on any other site.

And supposing that the account was sold for 0.3 - 0.5 BTC, I'm assuming that it was some time before 2017, where the price would be sub-500 for the account. There is no way that it would have been sold for such a ridiculously high amount post-2017.
member
Activity: 420
Merit: 13
October 14, 2017, 10:37:28 PM
#16
I agree with you completely, people who don't take their account security seriously are certainly not to blame, and the amount of effort it takes to verify an account,  that can be made completely pseudonymously, shouldn't be nearly as hard to return back to the original owners as we make it out to be. There certainly aren't any alt coin or Bitcoin services that could possibly be phishing sites. That faucet that Users #1-1000 signed up for with their Bitcointalk UN/PW certainly couldn't have their accounts compromised by such honest operators.

You are making a lot of assumptions.... 4 in total.

Yes, I didn't take this account seriously, because there was no money involved. I was not here to buy or sell anything.
Some already said that despite signed bitcoin message, the waiting time at best is weeks/months. I wonder what's at worse. Years? Never?
This is the only bitcoin forum I participate with a password (on that hacked Dorky account) that is so old I even forget what it was.
So if a phishing site was to ask for my password, I wouldn't even remember.
The last time I used a faucet is some years ago when BTC price was around $1000.
The faucets that I joined never ask for Bitcointalk UN/PW, only BTC address to cash out satoshis.

Your sarcasm is invalid, even if it is honest.
legendary
Activity: 2590
Merit: 2156
Welcome to the SaltySpitoon, how Tough are ya?
October 14, 2017, 08:33:58 PM
#15
Well hey, follow the Bitcoin trail, maybe it'll lead you somewhere interesting!

I agree with you completely, people who don't take their account security seriously are certainly not to blame, and the amount of effort it takes to verify an account,  that can be made completely pseudonymously, shouldn't be nearly as hard to return back to the original owners as we make it out to be. There certainly aren't any alt coin or Bitcoin services that could possibly be phishing sites. That faucet that Users #1-1000 signed up for with their Bitcointalk UN/PW certainly couldn't have their accounts compromised by such honest operators.

Nah, the guy who has run the site for 8ish years is probably behind it all. Hell, if I was Theymos and my reputation alone worth easily in excess of a few thousand bitcoins was on the line, I'd trade it all away for an account worth $16.53 as decided by an unaffiliated bot driven account pricer tool. I'd then take the risk that the gaggle of crypto junkies here that wrote bots to analyze people's typing patterns because they were bored last Tuesday morning wouldn't stumble across anything incriminating.

Assuming you read this all as sarcasm, which most people probably would, I actually stand by my first sentence. Do some investigative work and follow the bitcoin trail. I wouldn't hold my breath on the shocking discovery that Theymos is behind it all, but you could find something interesting nonetheless.
copper member
Activity: 1330
Merit: 899
🖤😏
October 14, 2017, 08:31:01 PM
#14
Inside job confirmed, theymos hacks accounts and allows DT members to tag them? More than a million accounts registered in this forum, I'd say 1000 is nothing. You can use the trust system to tag anybody using a hacked account to inform people and stop the fraud.
member
Activity: 420
Merit: 13
October 14, 2017, 08:11:03 PM
#13
If it takes 3 to 4 continuous years of "trying" (I assume you guys are trying) to solve a problem that almost every other websites have already solved since long ago, I have no choice but to believe in some of the possibilities:

1. You guys must be one of the most stupidest + most incompetent team to run a website, or
2. You guys have something serious and sinister to hide about the 1000+ account hacking operation.

(take your pick, are you #1 or #2? I bet you do not have #3)

Yes, conspiracytard is what a lot of people with good conscience are.
And while the conspirators continue to discredit it, making fun of it, calling it names, etc, the conspiracytards continue to be proven right.
global moderator
Activity: 3990
Merit: 2717
Join the world-leading crypto sportsbook NOW!
October 14, 2017, 02:20:08 PM
#12


That article was also written by a conspiracytard. Some idiots just don't like the truth so fiction is more sexy.
member
Activity: 112
Merit: 10
October 14, 2017, 02:15:36 PM
#11
Very interesting findings...

My current Dorkie account is worth 0.00287 BTC, or $16.53 (https://www.bctalkaccountpricer.info/?token=9aa6optk).
And my hacked Dorky account is worth 0.0672 BTC, or $387.18 (https://www.bctalkaccountpricer.info/?token=kl6r3rkk).

The fact that there is such business freely in operation without restrain whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.

Edit:
And those sinful + shameless people calling for stacking bitcoin addresses to recover such hacked accounts.
I say bullshit to you.

100% inside job? This is a very serious accusation...

But I don't know why admin, in all of these months, didn't make one single post about what is happening.

I mean...one single post...
member
Activity: 420
Merit: 13
October 14, 2017, 01:37:53 PM
#10
No need to reinvent the wheel with another forum. Waste of time and effort.
Epochtalk will be open source software and SMF is very outdated by current standards.
There have been millions spent on the development so far and that won't be stopped just because you think there is "no need" for it.
The switch is necessary and long overdue.

Switch overdue, open source, etc, is none of my business.

Stupid comment. Otherwise if you are not satisfied with your government/bank/company, you might as well start your own government/bank/company.
Yes, if you don't like the service at one place, you go search for another.  Yes, you are right. I should. I don't need anyone to tell me that.

The fact that there is such business freely in operation without restrain whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.
does not compute.
I have no idea myself. Maybe your math failed.
Oh please, enlighten me.  Refer to email confirmation for solution.

Read this non-stop until you understand.

Quote
Countless of websites, big and small, have been using email confirmation very successfully and continue doing so. Just adopt what works will do perfectly fine.
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
October 14, 2017, 01:32:34 PM
#9
No need to reinvent the wheel with another forum. Waste of time and effort.
Epochtalk will be open source software and SMF is very outdated by current standards.
There have been millions spent on the development so far and that won't be stopped just because you think there is "no need" for it.
The switch is necessary and long overdue.

Stupid comment. Otherwise if you are not satisfied with your government/bank/company, you might as well start your own government/bank/company.
Yes, if you don't like the service at one place, you go search for another.

The fact that there is such business freely in operation without restrain whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.
does not compute.
I have no idea myself. Maybe your math failed.
Oh please, enlighten me.
member
Activity: 420
Merit: 13
October 14, 2017, 01:29:16 PM
#8
The fact that there is such business freely in operation without restrain whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.
does not compute.  I have no idea myself. Maybe your math failed.

If I were in charge of the whole forum, the problem would have been solved within a month.
Start your own forum.  Stupid comment. Otherwise if you are not satisfied with your government/bank/company, you might as well start your own government/bank/company.

I agree with your last post. It's not hard to make forum more secure. I've seen exchanges that give you layers and layers of things you have to do to change a password starting from a 4 digit pin number, then an email confirmation and ending with a 2fa code.
Additional security features will be available in epochtalk. Theymos probably doesn't want to put too much work into the current forum software when the switch to epochtalk is planned anyway.
Wanna do something to make the forum more secure? Help beta test epochtalk.  No need to reinvent the wheel with another forum. Waste of time and effort. Pixie85 was right to mention email confirmation. Countless of websites, big and small, have been using email confirmation very successfully and continue doing so. Just adopt what works will do perfectly fine.
member
Activity: 420
Merit: 13
October 14, 2017, 01:21:54 PM
#7
I agree with your last post. It's not hard to make forum more secure. I've seen exchanges that give you layers and layers of things you have to do to change a password starting from a 4 digit pin number, then an email confirmation and ending with a 2fa code. Only after you pass all three you are able to change your account details. This forum doesn't have all that because back when it was made nobody even thought of accounts being worth over $200 and people managing advertising and sales campaigns from their accounts.
I'm pretty sure that if a staff member's account was hacked the recovery wouldn't take more than a day Wink

Absolutely right.
In fact, there is not even the need for PIN number or 2FA.
Just an email confirmation that the original user really intent to change anything, including changing to a new email, would still do very well.

I am sure those involved in the daily operation of this forum should already know these, and they cannot pledge ignorance.
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
October 14, 2017, 01:18:07 PM
#6
The fact that there is such business freely in operation without restrain whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.
does not compute.

If I were in charge of the whole forum, the problem would have been solved within a month.
Start your own forum.

I agree with your last post. It's not hard to make forum more secure. I've seen exchanges that give you layers and layers of things you have to do to change a password starting from a 4 digit pin number, then an email confirmation and ending with a 2fa code.
Additional security features will be available in epochtalk. Theymos probably doesn't want to put too much work into the current forum software when the switch to epochtalk is planned anyway.
Wanna do something to make the forum more secure? Help beta test epochtalk.
hero member
Activity: 2184
Merit: 531
October 14, 2017, 01:15:33 PM
#5
I agree with your last post. It's not hard to make forum more secure. I've seen exchanges that give you layers and layers of things you have to do to change a password starting from a 4 digit pin number, then an email confirmation and ending with a 2fa code. Only after you pass all three you are able to change your account details. This forum doesn't have all that because back when it was made nobody even thought of accounts being worth over $200 and people managing advertising and sales campaigns from their accounts.
I'm pretty sure that if a staff member's account was hacked the recovery wouldn't take more than a day Wink
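The email-confirmation step raised in the posts above (the original address must confirm before account details change), as an added example that is not part of any post in this thread and not the forum's own code. The `AccountStore` class, the 15-minute lifetime and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds a confirmation link stays valid (assumed policy)


class AccountStore:
    def __init__(self):
        self.email = {}      # username -> confirmed e-mail address
        self.pending = {}    # username -> (token_hash, new_email, expires_at)
        self.outbox = []     # (recipient, token) pairs standing in for sent mail

    def request_email_change(self, user, new_email, now=None):
        """Logged-in session asks for a change; nothing is applied yet."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[user] = (digest, new_email, now + TOKEN_TTL)
        # The token goes to the CURRENT address, so a stolen password alone
        # is not enough to move the account to another mailbox.
        self.outbox.append((self.email[user], token))

    def confirm_email_change(self, user, token, now=None):
        """Apply the change only for a fresh, matching, unused token."""
        now = time.time() if now is None else now
        entry = self.pending.get(user)
        if entry is None:
            return False
        digest, new_email, expires_at = entry
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, supplied):
            return False
        del self.pending[user]          # single use, consumed even if expired
        if now > expires_at:
            return False
        self.email[user] = new_email
        return True


def demo():
    store = AccountStore()
    store.email["alice"] = "owner@example.org"          # constructed sample data
    # A session holding only the password requests a change and guesses a token.
    store.request_email_change("alice", "other@example.net", now=1000)
    guessed = store.confirm_email_change("alice", "not-the-token", now=1001)
    # The owner's own request, confirmed from the original mailbox.
    store.request_email_change("alice", "owner@new.example", now=2000)
    _, token = store.outbox[-1]
    confirmed = store.confirm_email_change("alice", token, now=2060)
    replayed = store.confirm_email_change("alice", token, now=2061)
    return guessed, confirmed, replayed, store.email["alice"], store.outbox[0][0]
```

Only the token's SHA-256 digest is stored, so a leaked database row does not hand out a usable confirmation link.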
member
Activity: 420
Merit: 13
October 14, 2017, 12:55:13 PM
#4
Those prices are too high. I doubt people are really paying as much as the account pricer is telling them to.

I think account recovery used to work, but that was like a year ago, when there was much less accounts being stolen. Now there's just not enough people with access to administrative tools to handle those requests. There must be a vulnerability that they are using to reset passwords. People are saying we are about to get a new forum, but if you search that phrase you'll find threads dating 3 years back where people were saying the same thing.

Even if the accounts are sold for free, there is still fraud involved.

And the fact that such fraud can persist for more than 3 years should raise a huge red flag.

When the world is so full of scam artists, fraudsters, cheaters, etc, it does not pay to give people the benefit of doubt.

If I were in charge of the whole forum, the problem would have been solved within a month.

And I am not even a tech guy.
hero member
Activity: 2184
Merit: 531
October 14, 2017, 12:48:53 PM
#3
Very interesting findings...

My current Dorkie account is worth 0.00287 BTC, or $16.53 (https://www.bctalkaccountpricer.info/?token=9aa6optk).
And my hacked Dorky account is worth 0.0672 BTC, or $387.18 (https://www.bctalkaccountpricer.info/?token=kl6r3rkk).

The fact that there is such business freely in operation without restrain whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.

Edit:
And those sinful + shameless people calling for stacking bitcoin addresses to recover such hacked accounts.
I say bullshit to you.
Those prices are too high. I doubt people are really paying as much as the account pricer is telling them to.

I think account recovery used to work, but that was like a year ago, when there was much less accounts being stolen. Now there's just not enough people with access to administrative tools to handle those requests. There must be a vulnerability that they are using to reset passwords. People are saying we are about to get a new forum, but if you search that phrase you'll find threads dating 3 years back where people were saying the same thing.
member
Activity: 420
Merit: 13
October 14, 2017, 12:22:29 PM
#2
Very interesting findings...

My current Dorkie account is worth 0.00287 BTC, or $16.53 (https://www.bctalkaccountpricer.info/?token=9aa6optk).
And my hacked Dorky account is worth 0.0672 BTC, or $387.18 (https://www.bctalkaccountpricer.info/?token=kl6r3rkk).

The fact that there is such business freely in operation without restrain whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.

Edit:
And those sinful + shameless people calling for stacking bitcoin addresses to recover such hacked accounts.
I say bullshit to you.
member
Activity: 420
Merit: 13
October 14, 2017, 11:45:39 AM
#1
Here's what I found, from 3 years ago.
Until today, such account hacking scam remain freely in operation.
Theymos is not doing anything to stop the hacking.
Some even said Theymos is actually part of the hacking operation!
I will leave innocent members here to decide for themselves.

https://www.cryptocoinsnews.com/bitcointalk-accounts-are-being-bought-and-sold/


TL;DR
Accounts are stolen, and then sold, to cheat and scam others.

Edit:
I also found out senior member account was sold for the price of 0.3 btc to 0.5 btc.
Never thought my Dorky account would be worth few grands.

Edit #2:
Apparently signing bitcoin messages is just another excuse to a problem that will not be solved.

The Bible's Matthew 6:19-21 is always right and will remain valid until Judgment Day.

Quote
Do not store up for yourselves treasures on earth, where moths and vermin destroy, and where thieves break in and steal. But store up for yourselves treasures in heaven, where moths and vermin do not destroy, and where thieves do not break in and steal. For where your treasure is, there your heart will be also.