Pages:
Author

Topic: Caution: My Hero account has been potentially compromised - page 4. (Read 2652 times)

KWH
legendary
Activity: 1904
Merit: 1045
In Collateral I Trust.
Ok I will wait.

Btw I just learned that signing such a generic message may be a mistake because someone else could use it to impersonate me...:


Another suggestion, I might be wrong though.

If you just put Bitcoin address or PGP key, it is easy to impose another person. A signed message is better.

False.

In reality is it the other way around.

The Bitcoin address or public PGP key cannot be use to impose another person.
Most user have this information public available in their signature, contact information, keybase.io etc.
But you need it to published somewhere in bitcoin talk in order to be able to retrieve your account if it gets stolen.

Publishing a generic signed message is not cleaver, it can be used by an imposter.
If you sign something, the message must include the purpose of the signed message and include the time/date.

This is an example of a not so cleaver signed message:
Message: "This is TookDk from Bitcointalk"
Signature:

This is much better:
Message: "Date: 2015.03.19. The purpose of this message is to prove that TookDk from Bitcointalk is in control of bitcoin address 1TookDkVTaqsCn56Xo7aMfUMAUN3NhRjN at this point in time"
Signature:




Makes sense. So should I sign the same address again with a better message?

Always add the current date and even time if you wish, but I would follow the above link to the letter. You could sign another here and send Cyrus the link.
newbie
Activity: 51
Merit: 0
Ok I will wait.

Btw I just learned that signing such a generic message may be a mistake because someone else could use it to impersonate me...:


Another suggestion, I might be wrong though.

If you just put Bitcoin address or PGP key, it is easy to impose another person. A signed message is better.

False.

In reality is it the other way around.

The Bitcoin address or public PGP key cannot be use to impose another person.
Most user have this information public available in their signature, contact information, keybase.io etc.
But you need it to published somewhere in bitcoin talk in order to be able to retrieve your account if it gets stolen.

Publishing a generic signed message is not cleaver, it can be used by an imposter.
If you sign something, the message must include the purpose of the signed message and include the time/date.

This is an example of a not so cleaver signed message:
Message: "This is TookDk from Bitcointalk"
Signature:

This is much better:
Message: "Date: 2015.03.19. The purpose of this message is to prove that TookDk from Bitcointalk is in control of bitcoin address 1TookDkVTaqsCn56Xo7aMfUMAUN3NhRjN at this point in time"
Signature:




Makes sense. So should I sign the same address again with a better message? (and edit the post above)
KWH
legendary
Activity: 1904
Merit: 1045
In Collateral I Trust.
I wonder who is faster recovering accounts, theymos or Cyrus. I sent it to Cyrus because he was online but I saw theymos post right now :p

If you have already sent to theymos and he fails to see the required proof, he will ignore you after that. May have a better shot with Cyrus but don't spam him to death.

https://bitcointalksearch.org/topic/recovering-hacked-accounts-or-accounts-with-lost-passwords-497545


    
Recovering hacked accounts or accounts with lost passwords
March 02, 2014, 08:45:09 PM
   
 #1
If you use any sort of Google email service, then the password recovery email will go to your spam folder.

If you want us to recover a hacked/lost account, you need to prove that you own it. Typically, the only acceptable method of proving ownership is by signing a message (including current date and desired new email address) using a Bitcoin address or PGP key associated with the account. A Bitcoin address or PGP key is associated with the account only if the account posted the key/address, sent it in a PM, or if it is still listed in the account's profile.

I very rarely recover accounts if you can't prove ownership as described above. There are alternative ways of proving ownership, but they take too much time. If I point you to this thread, you can't prove ownership properly, and then I ignore your future PMs, this means that I'm not going to recover your account. Create a new one.

Send one PM to either me or Cyrus. When sending a PM, use a template like this:

Quote
-----BEGIN BITCOIN SIGNED MESSAGE-----
My account has been hacked/lost. Please reset the email to . The current date is .
-----BEGIN SIGNATURE-----


-----END BITCOIN SIGNED MESSAGE-----

Here is the unedited post where I posted that address: ...
OR
I sent that address to someone in a PM with PM ID#...

All required info must be in one PM.

Do not create your temporary account using the same email address you want for the hacked/lost account. No two accounts can have the same email address.
newbie
Activity: 51
Merit: 0
I wonder who is faster recovering accounts, theymos or Cyrus. I sent it to Cyrus because he was online but I saw theymos post right now :p
KWH
legendary
Activity: 1904
Merit: 1045
In Collateral I Trust.
All you can do is wait. Account recovery is low priority.
newbie
Activity: 51
Merit: 0
I have sent the PM as explained on that thread to admin "Cyrus" a couple of hours ago. How much does it take in average to get this type of thing solved? Im worried the hacker causes havok in my account.

Here's an screenshot of the post containing the BTC address I used to sign in case hacker modifies it:



Plus there's also that same address on the google spreadshet of the sig campaign.

In any case, if hacker modifies the post, I can sign any other address from ages ago in some locked thread, I think I should have one in the Bitmixer thread, but please act fast im worried.

How about this addy: http://archive.fo/tBwvf

Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
Hi, im manselr from bitcointalk. The date is October 10, 2017, 01:51:33 AM, the address is 14jiszwz2pLZR43LXQpFheJs8zbpX1qCYg. Please help.
-----BEGIN SIGNATURE-----
14jiszwz2pLZR43LXQpFheJs8zbpX1qCYg
IDBZuHGo0qvmTRM/is6MjiToDzM7xngU2OcXsJd/8kmfHeX0ONsnSBEHxVE2OB5Ktk1vvVuabdC4eO1LqBueBeA=
-----END BITCOIN SIGNED MESSAGE-----

There you have it. I don't want to make public the email, Cyrus has it on the PM but I still didn't get any replies back.
KWH
legendary
Activity: 1904
Merit: 1045
In Collateral I Trust.
I have sent the PM as explained on that thread to admin "Cyrus" a couple of hours ago. How much does it take in average to get this type of thing solved? Im worried the hacker causes havok in my account.

Here's an screenshot of the post containing the BTC address I used to sign in case hacker modifies it:



Plus there's also that same address on the google spreadshet of the sig campaign.

In any case, if hacker modifies the post, I can sign any other address from ages ago in some locked thread, I think I should have one in the Bitmixer thread, but please act fast im worried.

How about this addy: http://archive.fo/tBwvf
newbie
Activity: 51
Merit: 0
I have sent the PM as explained on that thread to admin "Cyrus" a couple of hours ago. How much does it take in average to get this type of thing solved? Im worried the hacker causes havok in my account.

Here's an screenshot of the post containing the BTC address I used to sign in case hacker modifies it:



Plus there's also that same address on the google spreadshet of the sig campaign.

In any case, if hacker modifies the post, I can sign any other address from ages ago in some locked thread, I think I should have one in the Bitmixer thread, but please act fast im worried.
newbie
Activity: 51
Merit: 0
My Hero account (manselr) has been potentially hacked. My password doesn't work, and I can't access my email. What's weird is, when I try to recover my pass with my secret question thing for the email, the website says my email doesn't exist. I thought the email got expired because I didn't log in on there for a while, so I tried to register again the same email but it says it's not availible.. weird.
You can't recover forum passwords using the secret question right now. Attempting to do so results in your account being locked for security reasons.

Seclog shows two actions for your account in recent times:
Today at 09:45:49 AM - manselr - password changed
Today at 09:26:08 AM - manselr - password reset via email



If you're sure you don't have access to your account anymore and want to recover your account, follow the steps here:
-> https://bitcointalksearch.org/topic/recovering-hacked-accounts-or-accounts-with-lost-passwords-497545

Someone has definitely done that and it isn't me... do you have their IP's? I will read that thread now.
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
My Hero account (manselr) has been potentially hacked. My password doesn't work, and I can't access my email. What's weird is, when I try to recover my pass with my secret question thing for the email, the website says my email doesn't exist. I thought the email got expired because I didn't log in on there for a while, so I tried to register again the same email but it says it's not availible.. weird.
You can't recover forum passwords using the secret question right now. Attempting to do so results in your account being locked for security reasons.

Seclog shows two actions for your account in recent times:
Today at 09:45:49 AM - manselr - password changed
Today at 09:26:08 AM - manselr - password reset via email



If you're sure you don't have access to your account anymore and want to recover your account, follow the steps here:
-> https://bitcointalksearch.org/topic/recovering-hacked-accounts-or-accounts-with-lost-passwords-497545
newbie
Activity: 51
Merit: 0
My Hero account (manselr) has been potentially hacked. My password doesn't work, and I can't access my email. What's weird is, when I try to recover my pass with my secret question thing for the email, the website says my email doesn't exist. I thought the email got expired because I didn't log in on there for a while, so I tried to register again the same email but it says it's not availible.. weird.

https://bitcointalksearch.org/user/manselr-381190

It seems no new posts have been made and I don't remember when I exactly logged off yesterday so im not sure if someone has accessed it.

I have seen that this forum has the option to ask you "your secret question" to try to recover the password but I don't remember ever being asked to enter a secret question and answer during registration, in fact when I just registered this account, there was no such thing in the registration process.. also weird.

Anyway I have all info you need to recover my pass, including my 2 lasts passwords, email, and any address used to recieve payments in signature campaigns for example (I could sign one to prove I own these BTC addressess) but be quick in case the hacker changes the BTC addresses to his addresses to recieve the money himself, but I hope you can see any further post edits from now on and know that isn't me (in any case let it be on record that for example my last used BTC address for this campaign: https://docs.google.com/spreadsheets/d/18HG1y8z7Ua-7iWfZiKGonvDlBpLAquXknEbG1fggHXg/edit#gid=0 is 1fuCrK2gq9jiQsy375hexRnNMun8gJvJp)
Pages:
Jump to: