Topic: ALL mtgox password has been compromised, change asap, everywhere you used it - page 4. (Read 17598 times)
June 19, 2011, 02:43:06 PM
Man from the future, you seem to know this stuff. How hard would it be for people to bruteforce or crack a reasonably strong password with the encryption in the MtGox file? Say 10 characters alphanumeric.
June 19, 2011, 02:42:52 PM
The front page of mtgox is redirecting to something showing this now:
It also says "One account with a lot of coins was compromised" and "Apart from this no account was compromised, and nothing was lost". If that's true, how did everyone's password hashes end up on the Internet for public download? Something fishy is going on.
Quote
UPDATE REGARDING LEAKED ACCOUNT INFORMATIONS
We will address this issue too and prevent logins from each users. Leaked information includes username, email and hashed password, which does not allow anyone to get to the actual password, should it be complex enough. If you used a simple password you will not be able to login on Mt.Gox until you change your password to something more secure. If you used the same password on different places, it is recommended to change it as soon as possible.
We will address this issue too and prevent logins from each users. Leaked information includes username, email and hashed password, which does not allow anyone to get to the actual password, should it be complex enough. If you used a simple password you will not be able to login on Mt.Gox until you change your password to something more secure. If you used the same password on different places, it is recommended to change it as soon as possible.
It also says "One account with a lot of coins was compromised" and "Apart from this no account was compromised, and nothing was lost". If that's true, how did everyone's password hashes end up on the Internet for public download? Something fishy is going on.
One have to be an idiot to believe that statement, someone has 500k+ btc just sitting in their mtgox account? lol
June 19, 2011, 02:42:04 PM
If this was Facebook I would not like this at all
June 19, 2011, 02:40:21 PM
I use a customized version of passwordmaker.org ...this let's me hash together one master password with various other details to generate completely unique usernames and passwords for every single online account that I have. I sleep easy knowing that if my password on one service (like mtgox) has been compromised, that my password (or username) is not compromised on other services. I highly recommend it (it can be a little inconvenient though).
June 19, 2011, 02:39:48 PM
The front page of mtgox is redirecting to something showing this now:
It also says "One account with a lot of coins was compromised" and "Apart from this no account was compromised, and nothing was lost". If that's true, how did everyone's password hashes end up on the Internet for public download? Something fishy is going on.
Quote
UPDATE REGARDING LEAKED ACCOUNT INFORMATIONS
We will address this issue too and prevent logins from each users. Leaked information includes username, email and hashed password, which does not allow anyone to get to the actual password, should it be complex enough. If you used a simple password you will not be able to login on Mt.Gox until you change your password to something more secure. If you used the same password on different places, it is recommended to change it as soon as possible.
We will address this issue too and prevent logins from each users. Leaked information includes username, email and hashed password, which does not allow anyone to get to the actual password, should it be complex enough. If you used a simple password you will not be able to login on Mt.Gox until you change your password to something more secure. If you used the same password on different places, it is recommended to change it as soon as possible.
It also says "One account with a lot of coins was compromised" and "Apart from this no account was compromised, and nothing was lost". If that's true, how did everyone's password hashes end up on the Internet for public download? Something fishy is going on.
June 19, 2011, 02:37:24 PM
I wrote an MMOG backend with better password security than MtGox. 
(Two times SHA512 hashes needed to be cracked to find a user's password)
(Two times SHA512 hashes needed to be cracked to find a user's password)
June 19, 2011, 02:35:18 PM
I wonder how they were able to get it?
SQL injection?
SQL injection?
June 19, 2011, 02:31:28 PM
https://rapidshare.com/#!download|359tg2|1969319443|accounts.csv|4023
All mtgox account password has been dumped in their hashed form (can be downloaded from the above link), passwords are being cracked as we speak. Change them asap, anywhere you used it.
All mtgox account password has been dumped in their hashed form (can be downloaded from the above link), passwords are being cracked as we speak. Change them asap, anywhere you used it.
Jump to: