Topic: Account Hacking An Inside Job?

hero member
Activity: 1778
Merit: 520
October 26, 2017, 01:00:31 PM
#58
I don't think it's an inside job. Admin and moderators will never perform such a low act to earn the money. I think this forum is already earning enough money from the advertising, so there is no need for such dirty tricks to make the money.
hero member
Activity: 672
Merit: 503
October 26, 2017, 10:53:19 AM
#57

I asked for something like this ages ago I think, and I was told that it was not implemented because email wasn't considered safe, since emails tend to expire, and with expiration if you don't notice it, someone could re-register the same email and take control of your account by requesting a new password.

I don't see any evidence to claim inside jobs tho. The only thing that grinds my gears a bit is when people present enough evidence that someone owns a certain account by signing BTC addresses which are found in locked threads and unedited posts, but they still take ages to recover it. Not sure what the deal with this is, but I'm hoping all these cases get eventually resolved and people are recovering their accounts.
newbie
Activity: 27
Merit: 0
October 20, 2017, 01:08:02 AM
#56
Very interesting findings...

My current Dorkie account is worth 0.00287 BTC, or $16.53 (https://www.bctalkaccountpricer.info/?token=9aa6optk).
And my hacked Dorky account is worth 0.0672 BTC, or $387.18 (https://www.bctalkaccountpricer.info/?token=kl6r3rkk).

The fact that there is such business freely in operation without restraint whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.

Edit:
And those sinful + shameless people calling for stacking bitcoin addresses to recover such hacked accounts.
I say bullshit to you.

Let the dogs bark!
You are 100 % right
These guys would kill their own mothers for shitty coins
global moderator
Activity: 3990
Merit: 2717
full member
Activity: 280
Merit: 100
October 19, 2017, 09:01:51 AM
#54
I wonder if there's something I'm missing?
Email notifications are implemented, since when?
member
Activity: 420
Merit: 13
October 19, 2017, 04:50:41 AM
#53
This forum has so many newbie accounts as well as endless cases of accounts hacked, that I feel half of the community is just fake.

You never know if the comment of a member you are reading is actually a real comment, or just fake to create some false sentiment.

You can fucking bet my comments are real as gold, since I am the one that kept shouting for email notification for days before Theymos implemented it, after 8 years of operation.
hero member
Activity: 966
Merit: 501
Working 24 hours a day isn't enough anymore.
October 17, 2017, 10:30:31 PM
#52
Ahaaa.
What we got here. We agree that admins have enough resources to fix a problem, right? Still they are not fixing it for some reason, right? And it's not for the purpose of selling accs, cuz they have plenty of money.

Let me guess. You want to tell that admins run some kind of satanic cult in the "backyard". Where they are sacrificing, randomly, some users' accounts? In purpose to scare people. To fulfill an operation, which is: to mark every user of this forum with an alternative of "RFID" or whatever "thing", signed message?

That's what you wanna tell?

Precisely.

And if the latest email notification addon works to stop all (or at least most) account hacking altogether, you need to thank me for all my shout outs.

Okay. Got it. I respect your interesting theories going on here. And you seem to be serious about this matter. In fact, I never thought about that. Rfid and signed messages. And a CULT, running right in the middle of a bitcoin hearth, who would have thought.
member
Activity: 420
Merit: 13
October 17, 2017, 10:21:41 PM
#51
Ahaaa.
What we got here. We agree that admins have enough resources to fix a problem, right? Still they are not fixing it for some reason, right? And it's not for the purpose of selling accs, cuz they have plenty of money.

Let me guess. You want to tell that admins run some kind of satanic cult in the "backyard". Where they are sacrificing, randomly, some users' accounts? In purpose to scare people. To fulfill an operation, which is: to mark every user of this forum with an alternative of "RFID" or whatever "thing", signed message?

That's what you wanna tell?

Precisely.

And if the latest email notification addon works to stop all (or at least most) account hacking altogether, you need to thank me for all my shout outs.
hero member
Activity: 966
Merit: 501
Working 24 hours a day isn't enough anymore.
October 17, 2017, 12:08:07 PM
#50
I believe I have already said what I needed to say, and wanted to say.

If email confirmation is in place, then the hacker can never permanently take control of an account even if the initial password is as weak as "1234".
If no improvement is taken, it is either because the management has no will power, or because there is hidden motive.
I sincerely do not believe someone in charge of managing a forum for 8 years would be without any will power.
So the only conclusion I can make is the presence of hidden motive.

And while some argue the admin having several millions $ worth of bitcoins wouldn't waste time on some cheap account like mine, I agree.
But I sincerely believe the hidden motive is not as simplistic as selling some accounts for cheap money.

Like my signature goes, signed bitcoin message is an alternative to RFID chip as a Mark "on your forehead".
Just a silly speculation.
No, you are not compelled to believe what I write.
In fact, you should wait until everything is confirmed screwed up and too late, before you believe.

Having said all that, welcome the Phoenix currency come this 2018, that is bitcoin.

Yeah, you are probably right.
Why 2018 when bitcoin was introduced in 2009?
In order to know the answer why, you yourself need to be an effective leader first.
Sheep that work 9 to 6 every day will never know why.

Ahaaa.
What we got here. We agree that admins have enough resources to fix a problem, right? Still they are not fixing it for some reason, right? And it's not for the purpose of selling accs, cuz they have plenty of money.

Let me guess. You want to tell that admins run some kind of satanic cult in the "backyard". Where they are sacrificing, randomly, some users' accounts? In purpose to scare people. To fulfill an operation, which is: to mark every user of this forum with an alternative of "RFID" or whatever "thing", signed message?

That's what you wanna tell?
member
Activity: 420
Merit: 13
October 17, 2017, 08:54:55 AM
#49
I believe I have already said what I needed to say, and wanted to say.

If email confirmation is in place, then the hacker can never permanently take control of an account even if the initial password is as weak as "1234".
If no improvement is taken, it is either because the management has no will power, or because there is hidden motive.
I sincerely do not believe someone in charge of managing a forum for 8 years would be without any will power.
So the only conclusion I can make is the presence of hidden motive.

And while some argue the admin having several millions $ worth of bitcoins wouldn't waste time on some cheap account like mine, I agree.
But I sincerely believe the hidden motive is not as simplistic as selling some accounts for cheap money.

Like my signature goes, signed bitcoin message is an alternative to RFID chip as a Mark "on your forehead".
Just a silly speculation.
No, you are not compelled to believe what I write.
In fact, you should wait until everything is confirmed screwed up and too late, before you believe.

Having said all that, welcome the Phoenix currency come this 2018, that is bitcoin.

Yeah, you are probably right.
Why 2018 when bitcoin was introduced in 2009?
In order to know the answer why, you yourself need to be an effective leader first.
Sheep that work 9 to 6 every day will never know why.
hero member
Activity: 966
Merit: 501
Working 24 hours a day isn't enough anymore.
October 16, 2017, 11:26:12 PM
#48
Here could be some kind of worm involved. Some group of hackers just spotted the "niche" where they are not stealing the keys, which are strongly secured in the wallets, but rather passwords from this forum.

As there is no email confirmation needed to reset a password, as I understand from above, it makes it easy to steal.
Or they could simply guess a password. To guess an easy password is just a matter of time. Who knows, maybe right now, a machine already is at 5359493494 row and has just 4324 rows left to guess yours.

Mine is something like DSYh128Sdidasfqmp . Try that mr. hacker!

You can not make such accusations.
Just because.

And take a look at statistics. Numbers of new registrations are growing so fast! That's logical, as the more users there will be, the more cases of stolen passwords will find a place.

copper member
Activity: 434
Merit: 278
Offering Escrow 0.5 % fee
October 16, 2017, 09:57:09 PM
#47
Such a shame, ppl given an opportunity in this forum. What you're saying is just unacceptable. If you can provide a signed message for your Dorky account, only then could you prove something sinister.
full member
Activity: 406
Merit: 102
October 16, 2017, 05:57:42 PM
#46
I have read some instances here in the forum that their accounts were retrieved thru signed btc message.
And in my opinion I don't think that mods and this forum are the only one reliable for our security but ourselves also. If you do not agree on how they run this forum then I think you should find what suits you Sir. Criticism is easier to do than praising someone. This forum helped us and I think respect must be given.
copper member
Activity: 2562
Merit: 2510
Spear the bees
October 16, 2017, 02:31:37 PM
#45
Lauda the jackass said it himself/herself, that the ultimate one and only way to recover an account is thru signed btc message with a stacked address.
Lauda can be wrong. After all, if you're arguing with them then it clearly means that you find their opinion wrong. Hence why is this any different? Thus I repeat myself: there have been cases in which accounts were retrieved with a means other than signing a message with PGP or BTC addresses.
member
Activity: 420
Merit: 13
October 16, 2017, 05:53:25 AM
#44
New findings point to not 1000+ account hacked...


... but 150,000 hacked accounts just in 2013.

https://www.tech.com.pk/hacker-are-selling-bitcointalkorg/


Damn, this bitcointalk is an extremely high security risk.


Edit:
I suspect any new forum derived from bitcointalk will someday be hacked just as well.

Edit #2:
I still have strong gut feeling that all the account hack is an inside job.
And the people running the show are very sinister and dark.
Whether the hack is for some pitiful money, is not the main point.
member
Activity: 420
Merit: 13
October 16, 2017, 04:16:27 AM
#43
Email confirmation can be good but how does it work if the email is hacked?

You seem to be against signed btc message which definitely is one of the best methods to recover accounts.

For the email to be hacked, the hacker needs to hack into Yahoo!/Google/Hotmail's formidable security system.

I am not against signed btc message.
I am against signed btc message as the one and only accepted validation method.

A counter argument:
Signed btc message is good, but how does it work if the wallet/private key is lost?
member
Activity: 71
Merit: 10
October 16, 2017, 04:13:52 AM
#42
Email confirmation can be good but how does it work if the email is hacked?

You seem to be against signed btc message which definitely is one of the best methods to recover accounts.
member
Activity: 420
Merit: 13
October 16, 2017, 03:40:02 AM
#41
Hey, Dorkie.
It seems you’re quite upset/obsessed with it and I think you should back off a little nevertheless I can’t blame you for being unconvincing in some of your statements.
Hope you’ll succeed in recovering your account.      


A lot of things are unconvincing to most people today.
If I were to tell people the Mark of the Beast, they would be quick to say I am delusional.
If I were to tell people that bitcoin was actually originated from a secret intel, people would say I am delusional.
If I say bitcoin will be widely accepted and used globally, because the central bankers and top government officials are in favor of it, people would say I am delusional.
If I say bitcoin foundation is built on lies, deceit, and falsehood, people would say I am delusional.

The only thing that is rational to these people is if I say bitcoin is anti-banksters and will free them from government control, pretty much the exact idea they are brainwashed to accept.


Edit:
It is ironic that most people are quick to discredit government ban of bitcoin, saying the government has no power to control it.
And yet these people are in joyous celebration when the same government approves of it.
To date, I have yet to meet another person that notices such irony and self-contradiction of reason and logic.
full member
Activity: 280
Merit: 100
October 16, 2017, 03:34:39 AM
#40
Hey, Dorkie.
It seems you’re quite upset/obsessed with it and I think you should back off a little nevertheless I can’t blame you for being unconvincing in some of your statements.
Hope you’ll succeed in recovering your account.       
member
Activity: 420
Merit: 13
October 16, 2017, 03:24:42 AM
#39
In terms of email confirmation, some people don't want to use any email for BCT. That's where PGP and address verification comes in handy since they're way easier to make and dispose of.

Bullshit answer.

The truth is...
1. Email confirmation should be in place because a lot of people want it, as it is also widely used and proven safe.
2. A lot of people don't want (or don't even know/aware of it) the hassle of staking their btc address and signing message with it, that's why it should not be in place nor rigidly enforced.



Pretty much every legitimate website is using email confirmation as a security feature. Why the fucking hell this forum refuse to use the same?
Few of my deleted posts here already revealed the answer why.
member
Activity: 420
Merit: 13
October 16, 2017, 01:16:58 AM
#38
The only reason why they are not helping me recover my account in any way other than thru signed BTC message, is because if they do, then this will set a very negative precedence to their current policy (i.e. requiring stacked address and sign a message with it).
There have been cases where accounts have been recovered using other means. Not too long ago, either. If you've actually dug around enough then you would have seen such threads.
In terms of email confirmation, some people don't want to use any email for BCT. That's where PGP and address verification comes in handy since they're way easier to make and dispose of.
2. Admin never bother to implement other security measures (that are widely used and proven to work) to stop this hacking operation.
And the JS captcha for logins was added because...?

You are saying email confirmation is not in place because there are some people who don't want to use an email address to register an account.

Wow, I assume you expect me to accept your answer as a very valid and logic one, no?


For your information, captcha for logins is to prevent bots. The captcha itself does not in any absolute sense prevent any hacking.

Edit:
Lauda the jackass said it himself/herself, that the ultimate one and only way to recover an account is thru signed btc message with a stacked address.
copper member
Activity: 2562
Merit: 2510
Spear the bees
October 16, 2017, 12:31:35 AM
#37
The only reason why they are not helping me recover my account in any way other than thru signed BTC message, is because if they do, then this will set a very negative precedence to their current policy (i.e. requiring stacked address and sign a message with it).
There have been cases where accounts have been recovered using other means. Not too long ago, either. If you've actually dug around enough then you would have seen such threads.
In terms of email confirmation, some people don't want to use any email for BCT. That's where PGP and address verification comes in handy since they're way easier to make and dispose of.
2. Admin never bother to implement other security measures (that are widely used and proven to work) to stop this hacking operation.
And the JS captcha for logins was added because...?
member
Activity: 420
Merit: 13
October 15, 2017, 10:50:41 PM
#36
The only reason why they are not helping me recover my account in any way other than thru signed BTC message, is because if they do, then this will set a very negative precedence to their current policy (i.e. requiring stacked address and sign a message with it).

Thus, no matter what I do, will still be no use.

Their policy insisting on stacked address and signing message with it is to bring forth a trend that will be used by the Beast.


Edit:
Here's what I found so far...
1. Account hacking is an ongoing and unstoppable operation dating back to more than 4 years ago, potentially since the start of this forum.
2. Admin never bother to implement other security measures (that are widely used and proven to work) to stop this hacking operation.
3. Admin insist the one and only way anyone can ever recover his account is thru stacked address and signing a message with it.

If this doesn't give me the impression of a real conspiracy, I don't know what does.
hero member
Activity: 920
Merit: 1014
October 15, 2017, 05:19:55 PM
#35
There is so much money flowing through this website that I highly doubt theymos or any of the uber early adopting mods/staff have anything to do with it.

Those guys have hundreds of bitcoins if not more, they won’t be pissing around selling accounts for fuck all.

Technically speaking...the Money "Flowing" through here does not Belong to theymos. It belongs to the Forum.

When it comes to money people do stupid things to attain it, so I wouldn't rule out any "Theories".
newbie
Activity: 14
Merit: 0
October 15, 2017, 12:36:53 PM
#34
All of my 3 Sr Member accounts had gmx emails and all of the 3 emails didn't work. Password incorrect. Probably all expired. Don't use gmx accounts, use gmail or protonmail because they don't expire.

I told all my friends with accounts here to change their gmx account. Caution with this, a lot of people use gmx, even satoshi did (and his account got hacked too)
member
Activity: 420
Merit: 13
October 15, 2017, 12:12:30 PM
#33
There is so much money flowing through this website that I highly doubt theymos or any of the uber early adopting mods/staff have anything to do with it.

Those guys have hundreds of bitcoins if not more, they won’t be pissing around selling accounts for fuck all.

They are probably not hacking the accounts to be sold for money.
They are probably hacking them to replace the real owners with fake entities as part of a fake community to create the desired trends/sentiments.

Edit:
Or they are probably doing it for higher pay in bounty program.
If you want to know the actual reason why the hacking operation is ongoing for so many years, you can try to get in contact with one of the hackers and ask him/her direct.

Edit #2:
Additionally, if you want to know how is it possible for the hacking to be ongoing for so long and unstoppable, someone at the top may be thinking, "That's because an asshole like you never stack your bitcoin address here. We accept only signed bitcoin message as the ultimate one and only Mark of the Beast crypto Jewish Israel solution under the order of the Rothschilds. If you scum try to suggest any other solution to solve the hacking, let me tell you scum all of them are 100% invalid, no matter if every other websites are using them."

Edit #3:
Another shadow elite entity may also say to you, "Hey cockroach, we are trying to set a trend whereby everyone in the world will see and accept signed bitcoin message as the ultimate one and only method of validation. This will lay the right foundation and perception that bitcoin is the only way acceptable and should be worshiped. Yeah, I know there are solutions out there that work as well, but scum, they are not part of our network."

Edit #4:
I myself would say, "Hey asshole, selling hacked account for money is not the main point. The main point is why are they allowing the hacking to continue for so many years unstoppable, despite having the right solution in place to stop such hack in the very first place. But instead, they keep telling you to stay in line with a signed bitcoin message."
legendary
Activity: 3556
Merit: 9709
October 15, 2017, 10:24:00 AM
#32
There is so much money flowing through this website that I highly doubt theymos or any of the uber early adopting mods/staff have anything to do with it.

Those guys have hundreds of bitcoins if not more, they won’t be pissing around selling accounts for fuck all.
legendary
Activity: 2674
Merit: 2965
Terminated.
October 15, 2017, 10:02:38 AM
#31
Assuming you read this all as sarcasm, [...]
Thanks for cheering up my sunday morning.  Grin
I actually thought he was serious reading the first sentence or two, but that was before I had drunk my cup of coffee. Excellent reply indeed.

That article was also written by a conspiracytard. Some idiots just don't like the truth so fiction is more sexy.
It was you all along, I knew it! Roll Eyes

So I want to ask this Lauda the jackass another question.
Thanks for the compliment.
member
Activity: 420
Merit: 13
October 15, 2017, 09:19:16 AM
#30
When I suggested email to be immutable, Lauda the jackass came forward and said I am naive because pretty much every website allows email change.

So I want to ask this Lauda the jackass another question.

Pretty much every website uses email confirmation feature as part of its security, but why the fucking hell this forum isn't doing the same?
member
Activity: 420
Merit: 13
October 15, 2017, 09:11:32 AM
#29
Right, but ignorance is bliss. You seem to have done nothing before getting hacked yourself. Hence the reason no one else seems to care for now. They have the "it won't happen to me" mindset. I'd love to see the forum become more secure, but as for right now I don't see it happening - especially with a new forum coming out (?).

Shifting the blame on me does not free you from your own responsibilities.
Or should I say, shifting the blame on me does not free the admin/moderators from their own responsibilities.

Meditate on that.

Old forum. New forum. Means nothing to me. This old forum can be made to be as good as new.
Anyone who says it can't be done, is useless.
member
Activity: 87
Merit: 10
October 15, 2017, 09:07:10 AM
#28
To keep talking about what could be the source/vulnerability of the hacking is one thing.

To stop further hacking right away from now onward is another.


You guys endlessly focusing on the former and totally ignore the latter, while account hacks are ongoing.

You guys are totally incompetent.

I am confident enough to say that despite not being a tech guy, I can be far more technically competent than any of you.
And telling me to go away if I don't like this forum is not exactly conducive to solving the problem.
Even if I do not exist, it is still your responsibility to set things right.

Otherwise, if you want to prove me wrong, then all you need to do is shut the fuck up and take the right action to stop the ongoing hacking right this instant.

You guys are a bunch of pathetic incompetence.

Useless, is what I can describe of you.

Right, but ignorance is bliss. You seem to have done nothing before getting hacked yourself. Hence the reason no one else seems to care for now. They have the "it won't happen to me" mindset. I'd love to see the forum become more secure, but as for right now I don't see it happening - especially with a new forum coming out (?).
member
Activity: 420
Merit: 13
October 15, 2017, 08:59:50 AM
#27
To keep talking about what could be the source/vulnerability of the hacking is one thing.

To stop further hacking right away from now onward is another.


You guys endlessly focusing on the former and totally ignore the latter, while account hacks are ongoing.

You guys are totally incompetent.

I am confident enough to say that despite not being a tech guy, I can be far more technically competent than any of you.
And telling me to go away if I don't like this forum is not exactly conducive to solving the problem.
Even if I do not exist, it is still your responsibility to set things right.

Otherwise, if you want to prove me wrong, then all you need to do is shut the fuck up and take the right action to stop the ongoing hacking right this instant.

You guys are a bunch of pathetic incompetence.

Useless, is what I can describe of you.
member
Activity: 420
Merit: 13
October 15, 2017, 08:46:01 AM
#26
Stating that there should be some work done to ensure more security to the forums is totally okay, but going so far as saying that the hacked accounts are an inside job is probably one of the dumbest things I have ever come across. You know that this forum is the biggest cryptocurrency forum in the world? You know that this forum is probably worth millions of dollars? You accuse someone who owns a forum that is worth a lot of money of stealing accounts worth pennies compared to what he has. There is no logic in your talk.

Who knows what exactly is/are the reason(s) why such account hack is so widespread?
It could be money. It could be several other reasons.
You might as well ask why would the hackers choose to hack an old account instead of registering a new one.
Older accounts pay more in ICO bounty program?
Or are they taking over old accounts to create false sentiments?
My hacked Dorky account is promoting stratis, bitcoin, and genesis vision.
Another hacked account may promote the same thing.
If you are a total noob, you would be somewhat swayed to consider stratis, bitcoin, and genesis vision.
Some system somewhere else may monitor this website comment hit and start reporting that stratis, bitcoin, and genesis vision are very popular and is a buy.
If you have 1000+ hacked accounts doing similar things in a concerted way, you will have a synthetic fake community that can drive sentiments.

Besides, you guys keep talking about why this is not an inside job, about database leak, etc etc.
By right you guys should focus on this ---> email confirmation.

I will continue to bring this up until you guys are fucking fed up.
member
Activity: 87
Merit: 10
October 15, 2017, 07:29:16 AM
#25
If you guys think you are always right (along with all the sarcasm and shits), then pray tell why the fuck is the account hacking problem continue to persist for so many years?

Because people continue to use the same password for every site? It's very much possible for one to look up a username on a database lookup site to get their usernames/emails/passwords from other sites and crossmatch them until they get a combination. I guarantee you one out of every thirty to forty accounts is susceptible to getting hacked via database lookups due to not changing their password frequently and continuing to use the same password.

I do believe that the owner of the forum could change the security, however it works two ways. Some people aren't interested in all the security crap and it's a lot of effort for staff to maintain, etc.

Hacked database is probably the most plausible explanation for this wave of hacks. We have to assume that some of the accounts have given fake email addresses that they never registered, which allowed the "hackers" who got the database to check and possibly take over those addresses and reset their passwords. Also, some people never changed their passwords after the leak, making the job easy for the thieves.

What remains to be explained is the newer accounts being hacked, those that were registered after the database leak.  

Anyway, we can safely drop the theymos is stealing accounts and selling them theory. Roll Eyes

Additional security features will be available in epochtalk. Theymos probably doesn't want to put too much work into the current forum software when the switch to epochtalk is planned anyway.
Wanna do something to make the forum more secure? Help beta test epochtalk.

I'll do that. Just hope he won't make us wait another year.


"What remains to be explained is the newer accounts being hacked, those that were registered after the database leak."

That too has a simple explanation. Example: search user "theymos_after_db_leak_fake_username"
Found in Database: websitehackedrecently.com (2017-03-18)
Username: xxx
Password: xxx

The accounts, while not in the Bitcointalk database, may very well be in another database which was cross-searched to find the details. Only a very limited number of people (excluding database lookups) have access to the Bitcointalk database as far as I know, and an even smaller number of people have the motive/ability to crack the hashes from the database (pretty strong encryption, needs a lot of power to even bother. SHA1 multiple rounds from what I remember.) so old accounts would probably be hacked using details from a newer database leak too, as people tend to reuse passwords/use the same number of passwords.
sr. member
Activity: 840
Merit: 266
October 15, 2017, 07:17:41 AM
#24
Stating that there should be some work done to ensure more security to the forums is totally okay, but going so far as saying that the hacked accounts are an inside job is probably one of the dumbest things I have ever come across. You know that this forum is the biggest cryptocurrency forum in the world? You know that this forum is probably worth millions of dollars? You accuse someone who owns a forum that is worth a lot of money of stealing accounts worth pennies compared to what he has. There is no logic in your talk.
hero member
Activity: 2184
Merit: 531
October 15, 2017, 06:09:29 AM
#23
If you guys think you are always right (along with all the sarcasm and shits), then pray tell why the fuck is the account hacking problem continue to persist for so many years?

Because people continue to use the same password for every site? It's very much possible for one to look up a username on a database lookup site to get their usernames/emails/passwords from other sites and crossmatch them until they get a combination. I guarantee you one out of every thirty to forty accounts is susceptible to getting hacked via database lookups due to not changing their password frequently and continuing to use the same password.

I do believe that the owner of the forum could change the security, however it works two ways. Some people aren't interested in all the security crap and it's a lot of effort for staff to maintain, etc.

Hacked database is probably the most plausible explanation for this wave of hacks. We have to assume that some of the accounts have given fake email addresses that they never registered, which allowed the "hackers" who got the database to check and possibly take over those addresses and reset their passwords. Also, some people never changed their passwords after the leak, making the job easy for the thieves.

What remains to be explained is the newer accounts being hacked, those that were registered after the database leak.  

Anyway, we can safely drop the theymos is stealing accounts and selling them theory. Roll Eyes

Additional security features will be available in epochtalk. Theymos probably doesn't want to put too much work into the current forum software when the switch to epochtalk is planned anyway.
Wanna do something to make the forum more secure? Help beta test epochtalk.

I'll do that. Just hope he won't make us wait another year.
member
Activity: 420
Merit: 13
October 15, 2017, 05:55:23 AM
#22
Because people continue to use the same password for every site? It's very much possible for one to look up a username on a database lookup site to get their usernames/emails/passwords from other sites and crossmatch them until they get a combination. I guarantee you one out of every thirty to forty accounts is susceptible to getting hacked via database lookups due to not changing their password frequently and continuing to use the same password.

I do believe that the owner of the forum could change the security, however it works two ways. Some people aren't interested in all the security crap and it's a lot of effort for staff to maintain, etc.

Wrong. My password used here isn't the same as the passwords used elsewhere, I know because newer passwords that I use are far stronger.
So no crossmatch.

By the way, I wonder if you (and everyone else) have actually noticed a pattern.

It appears to me that NOBODY actually directly addresses the email confirmation as a viable solution.
If you look at all the past arguments I had with few of them, you will realize ALL of them actually totally ignore this solution, every time I brought it up.

What are these people trying to hide?

If I were the owner of a forum, and my forum kept getting compromised, and some members suggested email confirmation as a security measure, and I saw other websites using the same feature as part of their security, I would 100% use the same measure to solve my problem.
If I were to delay using such a measure for years and years, and still not use it as the issue gets critical, I say I would be a complete total shithead.

If you study the behavioral pattern of these people in charge of this forum, you will see they outright ignore such a solution, by totally not talking about it.

Something to hide?

Edit:
Do you ever realize this?
Do you ever realize that if an email confirmation feature is in place, there would be no problem even if there is a crossmatch of passwords between different websites?
Do you know why?
I will let you tell me (or contradict me) why, before I tell you why it works.

Edit #2:
By the way, the only security crap I ever know of, is the excuses that some of you keep giving me to justify not solving the problem.
member
Activity: 87
Merit: 10
October 15, 2017, 05:36:55 AM
#21
If you guys think you are always right (along with all the sarcasm and shits), then pray tell why the fuck does the account hacking problem continue to persist for so many years?

Because people continue to use the same password for every site? It's very much possible for one to look up a username on a database lookup site to get their usernames/emails/passwords from other sites and crossmatch them until they get a combination. I guarantee you one out of every thirty to forty accounts is susceptible to getting hacked via database lookups due to not changing their password frequently and continuing to use the same password.

I do believe that the owner of the forum could change the security, however it works two ways. Some people aren't interested in all the security crap and it's a lot of effort for staff to maintain, etc.
member
Activity: 420
Merit: 13
October 15, 2017, 05:33:33 AM
#20
If you guys think you are always right (along with all the sarcasm and shits), then pray tell why the fuck does the account hacking problem continue to persist for so many years?
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
October 15, 2017, 03:11:12 AM
#19
Assuming you read this all as sarcasm, [...]
Thanks for cheering up my sunday morning.  Grin
member
Activity: 420
Merit: 13
October 15, 2017, 02:48:35 AM
#18
Way to leave out this very important quote:

Nah, the guy who has run the site for 8ish years is probably behind it all. Hell, if I was Theymos and my reputation alone worth easily in excess of a few thousand bitcoins was on the line, I'd trade it all away for an account worth $16.53 as decided by an unaffiliated bot driven account pricer tool. I'd then take the risk that the gaggle of crypto junkies here that wrote bots to analyze people's typing patterns because they were bored last Tuesday morning wouldn't stumble across anything incriminating

The BCT DB was leaked sometime after you created your Dorky account and hence someone could have infiltrated your account, given that you had a sufficiently weak password. So... not an inside job. And it wouldn't matter that your password wasn't found on any other site.

And supposing that the account was sold for 0.3 - 0.5 BTC, I'm assuming that it was some time before 2017, where the price would be sub-500 for the account. There is no way that it would have been sold for such a ridiculously high amount post-2017.

I would like to have some explanation on why using email confirmation as a security measure is actually weak and unjustified, and thus remains unused by the Bitcointalk forum, despite it being so widely used by other websites.
copper member
Activity: 2562
Merit: 2510
Spear the bees
October 15, 2017, 12:37:31 AM
#17
You are making a lot of assumptions.... 4 in total.

-snip-

Your sarcasm is invalid, even if it is honest.
Way to leave out this very important quote:

Nah, the guy who has run the site for 8ish years is probably behind it all. Hell, if I was Theymos and my reputation alone worth easily in excess of a few thousand bitcoins was on the line, I'd trade it all away for an account worth $16.53 as decided by an unaffiliated bot driven account pricer tool. I'd then take the risk that the gaggle of crypto junkies here that wrote bots to analyze people's typing patterns because they were bored last Tuesday morning wouldn't stumble across anything incriminating

The BCT DB was leaked sometime after you created your Dorky account and hence someone could have infiltrated your account, given that you had a sufficiently weak password. So... not an inside job. And it wouldn't matter that your password wasn't found on any other site.

And supposing that the account was sold for 0.3 - 0.5 BTC, I'm assuming that it was some time before 2017, where the price would be sub-500 for the account. There is no way that it would have been sold for such a ridiculously high amount post-2017.
member
Activity: 420
Merit: 13
October 14, 2017, 10:37:28 PM
#16
I agree with you completely, people who don't take their account security seriously are certainly not to blame, and the amount of effort it takes to verify an account,  that can be made completely pseudonymously, shouldn't be nearly as hard to return back to the original owners as we make it out to be. There certainly aren't any alt coin or Bitcoin services that could possibly be phishing sites. That faucet that Users #1-1000 signed up for with their Bitcointalk UN/PW certainly couldn't have their accounts compromised by such honest operators.

You are making a lot of assumptions.... 4 in total.

Yes, I didn't take this account seriously, because there was no money involved. I was not here to buy or sell anything.
Some already said that despite a signed bitcoin message, the waiting time at best is weeks/months. I wonder what it is at worst. Years? Never?
This is the only bitcoin forum I participate with a password (on that hacked Dorky account) that is so old I even forget what it was.
So if a phishing site was to ask for my password, I wouldn't even remember.
The last time I used a faucet is some years ago when BTC price was around $1000.
The faucets that I joined never asked for Bitcointalk UN/PW, only a BTC address to cash out satoshis.

Your sarcasm is invalid, even if it is honest.
legendary
Activity: 2590
Merit: 2156
Welcome to the SaltySpitoon, how Tough are ya?
October 14, 2017, 08:33:58 PM
#15
Well hey, follow the Bitcoin trail, maybe it'll lead you somewhere interesting!

I agree with you completely, people who don't take their account security seriously are certainly not to blame, and the amount of effort it takes to verify an account,  that can be made completely pseudonymously, shouldn't be nearly as hard to return back to the original owners as we make it out to be. There certainly aren't any alt coin or Bitcoin services that could possibly be phishing sites. That faucet that Users #1-1000 signed up for with their Bitcointalk UN/PW certainly couldn't have their accounts compromised by such honest operators.

Nah, the guy who has run the site for 8ish years is probably behind it all. Hell, if I was Theymos and my reputation alone worth easily in excess of a few thousand bitcoins was on the line, I'd trade it all away for an account worth $16.53 as decided by an unaffiliated bot driven account pricer tool. I'd then take the risk that the gaggle of crypto junkies here that wrote bots to analyze people's typing patterns because they were bored last Tuesday morning wouldn't stumble across anything incriminating.

Assuming you read this all as sarcasm, which most people probably would, I actually stand by my first sentence. Do some investigative work and follow the bitcoin trail. I wouldn't hold my breath on the shocking discovery that Theymos is behind it all, but you could find something interesting nonetheless.
copper member
Activity: 1330
Merit: 899
🖤😏
October 14, 2017, 08:31:01 PM
#14
Inside job confirmed, theymos hacks accounts and allows DT members to tag them? More than a million accounts are registered in this forum, I'd say 1000 is nothing. You can use the trust system to tag anybody using a hacked account to inform people and stop the fraud.
member
Activity: 420
Merit: 13
October 14, 2017, 08:11:03 PM
#13
If it takes 3 to 4 continuous years of "trying" (I assume you guys are trying) to solve a problem that almost every other website has already solved long ago, I have no choice but to believe in one of these possibilities:

1. You guys must be one of the stupidest + most incompetent teams to run a website, or
2. You guys have something serious and sinister to hide about the 1000+ account hacking operation.

(take your pick, are you #1 or #2? I bet you do not have #3)

Yes, conspiracytard is what a lot of people with good conscience are.
And while the conspirators continue to discredit it, making fun of it, calling it names, etc, the conspiracytards continue to be proven right.
global moderator
Activity: 3990
Merit: 2717
Join the world-leading crypto sportsbook NOW!
October 14, 2017, 02:20:08 PM
#12


That article was also written by a conspiracytard. Some idiots just don't like the truth so fiction is more sexy.
member
Activity: 112
Merit: 10
October 14, 2017, 02:15:36 PM
#11
Very interesting findings...

My current Dorkie account is worth 0.00287 BTC, or $16.53 (https://www.bctalkaccountpricer.info/?token=9aa6optk).
And my hacked Dorky account is worth 0.0672 BTC, or $387.18 (https://www.bctalkaccountpricer.info/?token=kl6r3rkk).

The fact that there is such business freely in operation without restraint whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.

Edit:
And those sinful + shameless people calling for stacking bitcoin addresses to recover such hacked accounts.
I say bullshit to you.

100% inside job? This is a very serious accusation...

But I don't know why admin, in all of these months, didn't make one single post about what's happening.

I mean...one single post...
member
Activity: 420
Merit: 13
October 14, 2017, 01:37:53 PM
#10
No need to reinvent the wheel with another forum. Waste of time and effort.
Epochtalk will be open source software and SMF is very outdated by current standards.
There have been millions spent on the development so far and that won't be stopped just because you think there is "no need" for it.
The switch is necessary and long overdue.

Switch overdue, open source, etc, is none of my business.

Stupid comment. Otherwise if you are not satisfied with your government/bank/company, you might as well start your own government/bank/company.
Yes, if you don't like the service at one place, you go search for another.  Yes, you are right. I should. I don't need anyone to tell me that.

The fact that there is such business freely in operation without restraint whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.
does not compute.
I have no idea myself. Maybe your math failed.
Oh please, enlighten me.  Refer to email confirmation for solution.

Read this non-stop until you understand.

Quote
Countless websites, big and small, have been using email confirmation very successfully and continue doing so. Just adopting what works will do perfectly fine.
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
October 14, 2017, 01:32:34 PM
#9
No need to reinvent the wheel with another forum. Waste of time and effort.
Epochtalk will be open source software and SMF is very outdated by current standards.
There have been millions spent on the development so far and that won't be stopped just because you think there is "no need" for it.
The switch is necessary and long overdue.

Stupid comment. Otherwise if you are not satisfied with your government/bank/company, you might as well start your own government/bank/company.
Yes, if you don't like the service at one place, you go search for another.

The fact that there is such business freely in operation without restraint whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.
does not compute.
I have no idea myself. Maybe your math failed.
Oh please, enlighten me.
member
Activity: 420
Merit: 13
October 14, 2017, 01:29:16 PM
#8
The fact that there is such business freely in operation without restraint whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.
does not compute.  I have no idea myself. Maybe your math failed.

If I were in charge of the whole forum, the problem would have been solved within a month.
Start your own forum.  Stupid comment. Otherwise if you are not satisfied with your government/bank/company, you might as well start your own government/bank/company.

I agree with your last post. It's not hard to make the forum more secure. I've seen exchanges that give you layers and layers of things you have to do to change a password, starting from a 4 digit pin number, then an email confirmation and ending with a 2fa code.
Additional security features will be available in epochtalk. Theymos probably doesn't want to put too much work into the current forum software when the switch to epochtalk is planned anyway.
Wanna do something to make the forum more secure? Help beta test epochtalk.  No need to reinvent the wheel with another forum. Waste of time and effort. Pixie85 was right to mention email confirmation. Countless websites, big and small, have been using email confirmation very successfully and continue doing so. Just adopting what works will do perfectly fine.
member
Activity: 420
Merit: 13
October 14, 2017, 01:21:54 PM
#7
I agree with your last post. It's not hard to make the forum more secure. I've seen exchanges that give you layers and layers of things you have to do to change a password, starting from a 4 digit pin number, then an email confirmation and ending with a 2fa code. Only after you pass all three are you able to change your account details. This forum doesn't have all that because back when it was made nobody even thought of accounts being worth over $200 and people managing advertising and sales campaigns from their accounts.
I'm pretty sure that if a staff member's account was hacked the recovery wouldn't take more than a day Wink

Absolutely right.
In fact, there is not even the need for PIN number or 2FA.
Just an email confirmation that the original user really intends to change anything, including changing to a new email, would still do very well.

I am sure those involved in the daily operation of this forum should already know these, and they cannot plead ignorance.
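The email-confirmation measure argued for in the post above, as an added sketch that is not part of the original thread and not Bitcointalk's or any forum software's code: a sensitive change is staged and only applied when a single-use, expiring token mailed to the address currently on file is presented. The class names, field names and token lifetime are hypothetical, and the `outbox` list stands in for a real mail sender.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

TOKEN_TTL_SECONDS = 15 * 60                    # assumed lifetime
CONFIRMED_FIELDS = {"email", "password_hash"}  # changes that need confirmation


@dataclass
class Account:                                 # hypothetical account record
    username: str
    email: str
    password_hash: str


class ChangeConfirmer:
    """Stages sensitive changes until a mailed token is presented."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}   # sha256(token) -> (account, field, value, expiry)
        self.outbox = []    # stand-in for a mail sender: (recipient, token)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def request_change(self, account, field, new_value):
        if field not in CONFIRMED_FIELDS:
            raise ValueError(f"unsupported field: {field}")
        token = secrets.token_urlsafe(32)
        # Only the digest is stored, so a leaked table holds no usable tokens.
        self.pending[self._digest(token)] = (
            account, field, new_value, self.clock() + TOKEN_TTL_SECONDS)
        # Mail the address on file now, never the requested new address.
        self.outbox.append((account.email, token))

    def confirm(self, token):
        entry = self.pending.pop(self._digest(token), None)  # single use
        if entry is None:
            return False
        account, field, new_value, expiry = entry
        if self.clock() > expiry:
            return False
        setattr(account, field, new_value)
        return True


def demo():
    """Constructed scenario: a session opened with a reused password."""
    now = [0.0]
    confirmer = ChangeConfirmer(clock=lambda: now[0])
    acct = Account("example_user", "owner@example.org", "hash-of-old-password")

    # Someone logged in with the reused password asks to swap the email.
    confirmer.request_change(acct, "email", "intruder@example.net")
    recipient, token = confirmer.outbox[-1]
    guessed = confirmer.confirm("not-the-token")
    unchanged = acct.email == "owner@example.org"

    # The owner changes the password and confirms from the mailbox.
    confirmer.request_change(acct, "password_hash", "hash-of-new-password")
    owner_ok = confirmer.confirm(confirmer.outbox[-1][1])

    # A token presented after its lifetime is rejected.
    now[0] += TOKEN_TTL_SECONDS + 1
    late = confirmer.confirm(token)
    return recipient, guessed, unchanged, owner_ok, late, acct
```

With this in place a matching password alone is not enough to change the email or password; the requester also needs access to the mailbox on file.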
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
October 14, 2017, 01:18:07 PM
#6
The fact that there is such business freely in operation without restraint whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.
does not compute.

If I were in charge of the whole forum, the problem would have been solved within a month.
Start your own forum.

I agree with your last post. It's not hard to make the forum more secure. I've seen exchanges that give you layers and layers of things you have to do to change a password, starting from a 4 digit pin number, then an email confirmation and ending with a 2fa code.
Additional security features will be available in epochtalk. Theymos probably doesn't want to put too much work into the current forum software when the switch to epochtalk is planned anyway.
Wanna do something to make the forum more secure? Help beta test epochtalk.
hero member
Activity: 2184
Merit: 531
October 14, 2017, 01:15:33 PM
#5
I agree with your last post. It's not hard to make the forum more secure. I've seen exchanges that give you layers and layers of things you have to do to change a password, starting from a 4 digit pin number, then an email confirmation and ending with a 2fa code. Only after you pass all three are you able to change your account details. This forum doesn't have all that because back when it was made nobody even thought of accounts being worth over $200 and people managing advertising and sales campaigns from their accounts.
I'm pretty sure that if a staff member's account was hacked the recovery wouldn't take more than a day Wink
member
Activity: 420
Merit: 13
October 14, 2017, 12:55:13 PM
#4
Those prices are too high. I doubt people are really paying as much as the account pricer is telling them to.

I think account recovery used to work, but that was like a year ago, when there were far fewer accounts being stolen. Now there's just not enough people with access to administrative tools to handle those requests. There must be a vulnerability that they are using to reset passwords. People are saying we are about to get a new forum, but if you search that phrase you'll find threads dating 3 years back where people were saying the same thing.

Even if the accounts are sold for free, there is still fraud involved.

And the fact that such fraud can persist for more than 3 years should raise a huge red flag.

When the world is so full of scam artists, fraudsters, cheaters, etc, it does not pay to give people the benefit of doubt.

If I were in charge of the whole forum, the problem would have been solved within a month.

And I am not even a tech guy.
hero member
Activity: 2184
Merit: 531
October 14, 2017, 12:48:53 PM
#3
Very interesting findings...

My current Dorkie account is worth 0.00287 BTC, or $16.53 (https://www.bctalkaccountpricer.info/?token=9aa6optk).
And my hacked Dorky account is worth 0.0672 BTC, or $387.18 (https://www.bctalkaccountpricer.info/?token=kl6r3rkk).

The fact that there is such business freely in operation without restraint whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.

Edit:
And those sinful + shameless people calling for stacking bitcoin addresses to recover such hacked accounts.
I say bullshit to you.
Those prices are too high. I doubt people are really paying as much as the account pricer is telling them to.

I think account recovery used to work, but that was like a year ago, when there were far fewer accounts being stolen. Now there's just not enough people with access to administrative tools to handle those requests. There must be a vulnerability that they are using to reset passwords. People are saying we are about to get a new forum, but if you search that phrase you'll find threads dating 3 years back where people were saying the same thing.
member
Activity: 420
Merit: 13
October 14, 2017, 12:22:29 PM
#2
Very interesting findings...

My current Dorkie account is worth 0.00287 BTC, or $16.53 (https://www.bctalkaccountpricer.info/?token=9aa6optk).
And my hacked Dorky account is worth 0.0672 BTC, or $387.18 (https://www.bctalkaccountpricer.info/?token=kl6r3rkk).

The fact that there is such business freely in operation without restraint whatsoever to buy and sell bitcointalk accounts is now 100% confirmed all the account hacking is 100% inside job.

Edit:
And those sinful + shameless people calling for stacking bitcoin addresses to recover such hacked accounts.
I say bullshit to you.
member
Activity: 420
Merit: 13
October 14, 2017, 11:45:39 AM
#1
Here's what I found, from 3 years ago.
Until today, this account hacking scam remains freely in operation.
Theymos is not doing anything to stop the hacking.
Some even said Theymos is actually part of the hacking operation!
I will leave innocent members here to decide for themselves.

https://www.cryptocoinsnews.com/bitcointalk-accounts-are-being-bought-and-sold/


TL;DR
Accounts are stolen, and then sold, to cheat and scam others.

Edit:
I also found out a senior member account was sold for the price of 0.3 btc to 0.5 btc.
Never thought my Dorky account would be worth a few grand.

Edit #2:
Apparently signing bitcoin messages is just another excuse to a problem that will not be solved.

The Bible's Matthew 6:19-21 is always right and will remain valid until Judgment Day.

Quote
Do not store up for yourselves treasures on earth, where moths and vermin destroy, and where thieves break in and steal. But store up for yourselves treasures in heaven, where moths and vermin do not destroy, and where thieves do not break in and steal. For where your treasure is, there your heart will be also.