Topic: [ANN] CoinByCall.com - Get paid in BTC for listening radio over the phone - page 6. (Read 65316 times)

Hacked again? Maybe you should invest some effort into better security?
How about new finnish numbers? They are blacklisted by the most providers...

CBC got hacked again. Passwords were reset. Please recover your PW and verify that your BTC or LTC payout address is actually yours.

also the page is down... what is going on there?

Is this project still "active"? No reply since 5th may?

Is it possible to get some new numbers?

All german and finnish numbers are blacklisted as far as I can see. 
Numbers of Poland and Netherlands are also blacklisted - at least for me.

The passwords were not hashed but stored in plain text (or crypted reversibely).

if you do use that password somewhere else, you should change it asap.

EDIT: And they are still being saved in plain text ...

I already posted that like two months ago: Storing plain passwords is BAD.
And now, after such a hacker attack, you really should delete all the passwords from the server and implement a secure hashing algorithm for the passwords!!

What risk do you need to assess? Consider the password compromised and act appropriately.

Pro tip: If you reuse passwords at multiple sites you were doing it wrong in the first place.

Sorry about your attack, you seem to be dealing with it good.


How were the passwords hashed? This will allow us to make a self-assessment of the risks, thanks.

UPDATE 02/May/2015: Sorry guys, made a mistake and the "hacker" still had access to some passwords. Therefore the passwords have been changed again, please recover them once more. Sorry!

In the meantime, that guy - who calls himself Kevin Mitnick (LOL!) - tried to blackmail CBC. See http://abload.de/img/moron1sua9.png

In any case, if you are using your CBC password someplace else, indeed you should change it now.

Once I got his exact address I'll come back to your offer

Same here.
Anyway, I hope you can repair the system and get the stolen btc back (preferably without using the last resort but if you need, I have my sledgehammer right here by my side. I just need a plane ticket both for me and my sledgehammer and a rental car ).
Thank you for the update!

Something is broken:

omg noob attacker 

How?

cool story

CoinByCall was compromised on 29/Apr/2015. The attacker managed to steal all Bitcoins from our wallet by transferring them to his own.

He got access to the user database and changed the BTC addresses of about 110 accounts (out of 5200) to his own BTC address. He lowered the payout threshold of these accounts and after the payout mechanism got triggered, the system sent the BTC balance of about 50 user accounts to the attacker.

The system then stopped to create more transactions because the wallet didn't have any coins left.

Those ~50 users lost their Bitcoin balance. In total about 1.2 BTC were stolen.

We've restored the user database with the original users' BTC addresses and changed all passwords of all user accounts. Please perform the following steps to receive your new password via E-Mail:

1. Go to http://coinbycall.com/login
2. Enter your username at "login"
3. Enter at least 6 digits (can be anything) at "password"
4. Click on "Forgot Password?"

Your new password will then get E-mailed to you. If the E-Mail address you registered with is fake you are out of luck and your account is non-recoverable. In this case you may create a new account.

Calls were not lost.

It may take until Monday before payouts are resumed.

Although the attacker tried to hide his identity by using proxies, he made several mistakes. Therefore we were able to track the attacker down to an individual living in New England in the US. He's using Comcast to access the internet and we got several IP addresses with timestamps, for example IPv4 50.163.62.xxx on 29/Apr/2015:16:57:09 GMT+0200. His IPv6 is 2601:6:3d00:a60:f8e0:ccca:xxxx. He's got a Nexus 5 phone.

Some words to the attacker: Although the stolen amount is low, we *will* involve law enforcement and pass all documentation to them if the stolen funds are not transferred back to 1DNxMwkUt8wWoM4wfKbgySzVFsExhfWSYD by 04/May/2015. Is 1.2 BTC really worth it? Think twice about it.

We apologize for the inconvenience.

is it just me or are the latest calls (for 2 days) not listed?

Great, thanks. But the Payout is only  0.00000094 BTC?
I remember it being something around 0.00000250 ...

Will the payout be increased in the near future?

Germany is back online.

OK, thats weird. That was the first time I ever called the Netherlands number.

But I'll try another provider.
Anything new about the german numbers?