Bitcointalk.org and BTC-e hacked? | Bitcointalksearch.org

Syth

full member

Activity: 132

Merit: 100

I just checked 3 emails listed in the pastebin.
1 email was registered and public
the 2 others didn't return any results. Could be hidden though

Quote

Syth

full member

Activity: 132

Merit: 100

I got this email in my spam folder too, sent to my private email address which I used to signup for this user account.
Found this pastebin(http://pastebin.ca/2865842) which lead me to here.

I just checked to see if my email was public and it seems I already did hide it when I signed up.

So it wasn't only sent to users with their email addresses set to public.

Vod

legendary

Activity: 3668

Merit: 3010

Licking my boob since 1970

Quote from: altcoin.center on October 28, 2014, 08:07:53 PM

EDIT: It would take a little while to send the message to all the users. That's not a "proof" of any kind but would explain why you may not received your copy yet. Please let me know if you do get one.

Still nothing. Undecided

I think your public email address is the cause, not a hack.

redsn0w

legendary

Activity: 1778

Merit: 1043

#Free market

When I read the first post I thought:

Are you kidding me ? It is obvious this is only a scam .

MultipliedCombo

sr. member

Activity: 308

Merit: 250

It's totally fake. I wouldn't worry about it, there's plenty of people on the internet trying to scam you out of your Bitcoins.

Neotox

legendary

Activity: 1120

Merit: 1000

Free & Fast Neotox Escrow http://bit.ly/1OGVykp

its just a fake
they are trying to scam people with fake info
if someone really hacked then he will sell this info for 0.15 BTC
never

it worth much more then this

raveldoni

sr. member

Activity: 434

Merit: 250

🤖UBEX.COM 🤖

Quote from: Beastlymac on October 28, 2014, 10:06:59 PM

If they had hacked bitcointalk don't you think they would I have posted under multiple high member accounts to advertise? Post under people like theymos, Satoshi?

That would be the best way of proving it.

Yeah. I agree with that. It would make more sense than selling it for 0.15. They would've earned much more than that by using higher level accounts.

Beastlymac

hero member

Activity: 630

Merit: 501

Miner Setup And Reviews. WASP Rep.

If they had hacked bitcointalk don't you think they would I have posted under multiple high member accounts to advertise? Post under people like theymos, Satoshi?

That would be the best way of proving it.

Pkofet

sr. member

Activity: 406

Merit: 250

Quote from: NLNico on October 28, 2014, 08:33:57 PM

Bitcointalk has very decent bug bounties, see here: https://bitcointalksearch.org/topic/security-bounties-309785

Obtaining arbitrary PMs or password hashes would be around 24 BTC based on current prices.

Root access (since they have DB and source?) would be around 35 BTC based on current prices.

But instead they e-mail randoms asking for 0.3 BTC. Lol. SCAAAAMMMM

Wow I didn't know there are bug bounties on bitcointalk and they are pretty big.

Someone has sent 0.15 btc to the address https://blockchain.info/address/1shopAH6JmxABLCbbG4wNAUZVh3ZjtGfF to the "hacker".

Cortex7

full member

Activity: 238

Merit: 106

Quote from: altcoin.center on October 28, 2014, 08:27:36 PM

Quote from: Cortex7 on October 28, 2014, 08:20:50 PM

Someone may have created a script to scrape all users from here:

https://bitcointalk.org/index.php?action=mlist

And harvest all the public email addresses (yours is set public).

I suspect it's a phish, a real dump would get sold in a more underground manner for more coin than they asked for here.

Yes, a harvesting script is one possibility.

And the message can be a fish.

Selling the data in a more underground manner may have already happened. Wink

It will be interesting to see how this turns out.

A rhetoric question: Should I not have made this post about the message, or should I simply have posted it out without giving any opinions of my own?

It may not be immediately obvious, but I did in fact think several times, whether or not I make this post - first of all because the message may not be real, and secondly because it's a certain way to start a flood of negative comments, which don't exactly bother me but it's still tiresome going through them, possibly ending up in an endless loop of trying to answer questions that are not even meant to be answerable.

In the previous chapter, I'm not referring to the above discussion about harvesting etc. - those are good points. Then again, the possibility of something does not exclude the existence of another, at least until there is actual and factual proof one way or the other. It should be pretty obvious soon; if the sites have really been hacked, it's not going to go unnoticed.

-j.

No worries, it's good to be overly cautious with regard security.

If you make some folk change passwords then that certainly can't hurt.

You don't need to change your handle to "Chicken Little" just yet Cheesy

NLNico

legendary

Activity: 1876

Merit: 1295

DiceSites.com owner

Bitcointalk has very decent bug bounties, see here: https://bitcointalksearch.org/topic/security-bounties-309785

Obtaining arbitrary PMs or password hashes would be around 24 BTC based on current prices.

Root access (since they have DB and source?) would be around 35 BTC based on current prices.

But instead they e-mail randoms asking for 0.3 BTC. Lol. SCAAAAMMMM

altcoin.center

full member

Activity: 210

Merit: 101

Quote from: Cortex7 on October 28, 2014, 08:20:50 PM

Someone may have created a script to scrape all users from here:

https://bitcointalk.org/index.php?action=mlist

And harvest all the public email addresses (yours is set public).

I suspect it's a phish, a real dump would get sold in a more underground manner for more coin than they asked for here.

Yes, a harvesting script is one possibility.

And the message can be a fish.

Selling the data in a more underground manner may have already happened. Wink

It will be interesting to see how this turns out.

A rhetoric question: Should I not have made this post about the message, or should I simply have posted it out without giving any opinions of my own?

It may not be immediately obvious, but I did in fact think several times, whether or not I make this post - first of all because the message may not be real, and secondly because it's a certain way to start a flood of negative comments, which don't exactly bother me but it's still tiresome going through them, possibly ending up in an endless loop of trying to answer questions that are not even meant to be answerable.

In the previous chapter, I'm not referring to the above discussion about harvesting etc. - those are good points. Then again, the possibility of something does not exclude the existence of another, at least until there is actual and factual proof one way or the other. It should be pretty obvious soon; if the sites have really been hacked, it's not going to go unnoticed.

-j.

altcoin.center

full member

Activity: 210

Merit: 101

Quote from: mprep on October 28, 2014, 08:11:32 PM

They don't have to post all the data, just a snippet like several usernames and their passwords, anything pretty much. Also, think about it, anyone could write up an email like this, hell, I could if I wanted (not that I do). It's really easy with some basic technical knowledge to write up some fake email claiming to have hacked a site and ask money for it.

Yes, I did get the point of why it would make sense to publish at least something to prove the claims made.

What I'm saying is that doing so is not a de facto standard of the hacking industry, and that the lack of it does not exactly prove anything either.

It is of course very easy to just send an e-mail like that, hoping that at least someone would pay the price.

And still, that possibility does not mean that the message in question would be fake.

Quote from: mprep on October 28, 2014, 08:11:32 PM

What he probably meant to say is that he doubts your experience in IT security due to the fact that you believe a baseless email with no proof. Sadly, I have to agree.

Your analysis matches with my guesswork as well.

However, I'd like to point out that I'm not "believing" anything, which can be clearly seen in my original post. I'm making the educated guess, based on the 15+ experience I have from the field, that the message is more probably real than fake. Even this estimate does not mean I would just blindly digest my initial analysis and start considering it a proven fact. It's an estimate, made by someone with experience, and questioned by someone of whose expertise in this area I'm not yet aware of.

You don't have to be sad for what your estimate of me or my experience is.

If I were you, I think I'd still change my password - can't loose much doing that anyways.

-j.

Cortex7

full member

Activity: 238

Merit: 106

Quote from: altcoin.center on October 28, 2014, 08:14:18 PM

Quote from: robmob on October 28, 2014, 07:12:05 PM

That is 100% fake if the got they database for both sites they would not be sending emails to random people trying to sell for that low of a amount considering the BTC-e accounts would have funds in some of them and they woulld just take them rather then selling the database.

I'm not a random person but a bitcointalk.org user.

I have two accounts registered and received two e-mails.

Considering

- how much time it would take to go through all the accounts at BTC-e

- how likely it is that heist of that type would be noticed very soon

and

- how much doing something like that would raise the chances of being caught,

I too might well go for selling the database with a cheap price to a maximum number of people.

I'm still not sure whether or not the message is fake or not, though.

-j.

Someone may have created a script to scrape all users from here:

https://bitcointalk.org/index.php?action=mlist

And harvest all the public email addresses (yours is set public).

I suspect it's a phish.

williamj2543

hero member

Activity: 588

Merit: 500

Get ready for PrimeDice Sig Campaign!

First of all this is definitely fake. The price is way too low for the "complete dump" of these sites. Way more than 0.3 can be made from using even one users account. On the other side, maybe he doesn't want to be the one responsible for hacking, so he is selling this to someone and its untraceable.

mprep

global moderator

Activity: 3794

Merit: 2612

In a world of peaches, don't ask for apple sauce

Quote from: altcoin.center on October 28, 2014, 08:14:18 PM

Quote from: robmob on October 28, 2014, 07:12:05 PM

That is 100% fake if the got they database for both sites they would not be sending emails to random people trying to sell for that low of a amount considering the BTC-e accounts would have funds in some of them and they woulld just take them rather then selling the database.

I'm not a random person but a bitcointalk.org user.

I have two accounts registered and received two e-mails.

Considering

- how much time it would take to go through all the accounts at BTC-e

- how likely it is that heist of that type would be noticed very soon

and

- how much doing something like that would raise the chances of being caught,

I too might well go for selling the database with a cheap price to a maximum number of people.

I'm still not sure whether or not the message is fake or not, though.

-j.

I'll quote it, because you seem to have missed it:

Quote

It seems you haven't set your email as hidden so anyone can see it (including me, any forum user, random internet user), so do email sweepers.

altcoin.center

full member

Activity: 210

Merit: 101

Quote from: robmob on October 28, 2014, 07:12:05 PM

That is 100% fake if the got they database for both sites they would not be sending emails to random people trying to sell for that low of a amount considering the BTC-e accounts would have funds in some of them and they woulld just take them rather then selling the database.

I'm not a random person but a bitcointalk.org user.

I have two accounts registered and received two e-mails.

Considering

- how much time it would take to go through all the accounts at BTC-e

- how likely it is that heist of that type would be noticed very soon

and

- how much doing something like that would raise the chances of being caught,

I too might well go for selling the database with a cheap price to a maximum number of people.

I'm still not sure whether or not the message is fake or not, though.

-j.

mprep

global moderator

Activity: 3794

Merit: 2612

In a world of peaches, don't ask for apple sauce

Quote from: altcoin.center on October 28, 2014, 08:04:57 PM

Quote from: mprep on October 28, 2014, 07:10:49 PM

Seems quite fake, just like dozens of others I've seen. This one didn't even provide a (fake) example of "stolen" data.

Well, based on the cases I've seen, it's not usually considered necessary for crackers to give that kind of proof - unless they publish all the data openly, in which case their point is not trying to make money but a statement of some kind.

To my senses the message does not seem fake. I did give that option considerable amount of time too.

Perhaps I'm wrong, which is not a problem for me. Have had to learn that skill since I do indeed make mistakes too.

-j.

They don't have to post all the data, just a snippet like several usernames and their passwords, anything pretty much. Also, think about it, anyone could write up an email like this, hell, I could if I wanted (not that I do). It's really easy with some basic technical knowledge to write up some fake email claiming to have hacked a site and ask money for it.

Quote from: altcoin.center on October 28, 2014, 08:01:23 PM

Quote from: Mikez on October 28, 2014, 07:30:19 PM

For someone stating that has worked with IT security for some time I would expect them to realize that this looks fake, instead of considering the opposite.

So you're saying there's only one opinion about issues like this one?

And that you know, which opinion is right, right?

May I ask, is your estimate based on actual experience or just guesswork?

Not attempting to be rude - just asking.

-j.

What he probably meant to say is that he doubts your experience in IT security due to the fact that you believe a baseless email with no proof. Sadly, I have to agree.

Quote from: altcoin.center on October 28, 2014, 08:07:53 PM

Quote from: Vod on October 28, 2014, 07:36:04 PM

If they had all the email addresses from bitcointalk, why didn't they send that message to all of them?

I use my real email here and I didn't get such a message. Undecided

I received the message to twice, sent to the same two addresses I use with my two accounts at bitcointalk.org.

-j.

EDIT: It would take a little while to send the message to all the users. That's not a "proof" of any kind but would explain why you may not received your copy yet. Please let me know if you do get one.

It seems you haven't set your email as hidden so anyone can see it (including me, any forum user, random internet user), so do email sweepers.

altcoin.center

full member

Activity: 210

Merit: 101

Quote from: Vod on October 28, 2014, 07:36:04 PM

If they had all the email addresses from bitcointalk, why didn't they send that message to all of them?

I use my real email here and I didn't get such a message. Undecided

I received the message to twice, sent to the same two addresses I use with my two accounts at bitcointalk.org.

-j.

EDIT: It would take a little while to send the message to all the users. That's not a "proof" of any kind but would explain why you may not received your copy yet. Please let me know if you do get one.

altcoin.center

full member

Activity: 210

Merit: 101

Quote from: mprep on October 28, 2014, 07:10:49 PM

Seems quite fake, just like dozens of others I've seen. This one didn't even provide a (fake) example of "stolen" data.

Well, based on the cases I've seen, it's not usually considered necessary for crackers to give that kind of proof - unless they publish all the data openly, in which case their point is not trying to make money but a statement of some kind.

To my senses the message does not seem fake. I did give that option considerable amount of time too.

Perhaps I'm wrong, which is not a problem for me. Have had to learn that skill since I do indeed make mistakes too.

-j.

Topic: Bitcointalk.org and BTC-e hacked? (Read 2899 times)