Topic: CHANGE YOUR EXPIRED EMAIL ADDRESS OR GET HACKED (Read 517 times)
bump
This is something we really have to look into and do the needful. We should try and check whether our emails are still functioning to avoid stories that touches the heart. No joy for hackers this days
You wouldn't have to worry if you use one of the famous free email services like gmail, yahoo,protonmail etc but if you have an email like [email protected] then your access to the email services expire with a domain or the email plan depending on your service type.
even a regular @yahoo.com account can expire due to inactivity also afaik, this length of inactivity time limit is different for each account, it is based on account age
I was registered in year 2016, so I guess I'm safer.
only if you hide your email address info on your bitcointalk profile and you never use your email address to join any bounty programs
I didn't know that. Recovering accounts in websites like bitcointalk is possible so getting the accounts expire is very dangerous. I have my email in yahoo that I have been using since the time I got into the internet. I was using it to signup even on facebook, I will try to log that in later. My question though is that if it expire, does it mean that all the contents in that email address will also be gone or it can be there still when someone registers it again?
tldr
If you don't periodically log into an email address you only use for bitcointalk a hacker might use it to hack your account here.
To solve the problem change the email address in your profile to one that can't exist because it has an invalid domain name. I just changed mine to [email protected]. Bitcointalk accepted it as a valid email, but the domain .exist is invalid, so a hacker can't use it.
Stake a bitcoin address you control here before changing to an invalid email address.
Signing a bitcoin message and staking it in that thread is important, but I am not sure that changing email to invalid one will make account recovery procedure (when we need) become harder and requires more time or not.If you don't periodically log into an email address you only use for bitcointalk a hacker might use it to hack your account here.
To solve the problem change the email address in your profile to one that can't exist because it has an invalid domain name. I just changed mine to [email protected]. Bitcointalk accepted it as a valid email, but the domain .exist is invalid, so a hacker can't use it.
Stake a bitcoin address you control here before changing to an invalid email address.
There are so many ways to hack accounts, so changing to invalid email address does not solve all things.
IMO, setup both strong passwords for email (used to register account), account, and bitcoin wallet. Then sign a bitcoin message and stake it. All those things will keep us safely from hacks. Even with hacks, we can recover account for sure.
Personally, I don't see reasons to change to invalid email address.
Not only this, users can also check log-in IP history to regularly check irregular log-in IPs, that might be a good indicator of potential hack.
https://bitcointalk.org/myips.php
tldr
If you don't periodically log into an email address you only use for bitcointalk a hacker might use it to hack your account here.
To solve the problem change the email address in your profile to one that can't exist because it has an invalid domain name. I just changed mine to [email protected]. Bitcointalk accepted it as a valid email, but the domain .exist is invalid, so a hacker can't use it.
Stake a bitcoin address you control here before changing to an invalid email address.
Most email providers delete inactive accounts and allow their names to be recycled. Here's a list of some popular email providers and the time limits inactive accounts can expire after. If you haven't logged in within the time limits shown your account could get deleted.
Here's the long bit showing the expiry times in their terms and conditions.
new yahoo accounts
https://policies.oath.com/us/en/oath/terms/otos/index.html
old (pre June 2017) yahoo accounts
https://policies.yahoo.com/us/en/yahoo/terms/utos/index.htm
Outlook.com email
https://www.microsoft.com/en-us/servicesagreement
protonmail
https://protonmail.com/terms-and-conditions
zoho
https://www.zoho.com/terms.html
These security risks were discussed on Oct 6th, 2013 here.
https://www.onmsft.com/news/your-outlookcom-email-account-name-will-be-recycled-if-inactive-360-days
If you don't periodically log into an email address you only use for bitcointalk a hacker might use it to hack your account here.
To solve the problem change the email address in your profile to one that can't exist because it has an invalid domain name. I just changed mine to [email protected]. Bitcointalk accepted it as a valid email, but the domain .exist is invalid, so a hacker can't use it.
Stake a bitcoin address you control here before changing to an invalid email address.
Most email providers delete inactive accounts and allow their names to be recycled. Here's a list of some popular email providers and the time limits inactive accounts can expire after. If you haven't logged in within the time limits shown your account could get deleted.
- new yahoo accounts - any time limit yahoo wants
- old (pre June 2017) yahoo accounts - any time limit yahoo wants
- outlook.com email - a year
- protonmail - 3 months (although it's not currently enforced)
- zoho - 120 days
Here's the long bit showing the expiry times in their terms and conditions.
new yahoo accounts
https://policies.oath.com/us/en/oath/terms/otos/index.html
Quote
Unless stated differently for your country in Section 14, we may temporarily or permanently suspend or terminate your account or impose limits on or restrict your access to parts or all of the Services at any time, without notice and for any reason, including, but not limited to, violation of these Terms, court order, or inactivity.
old (pre June 2017) yahoo accounts
https://policies.yahoo.com/us/en/yahoo/terms/utos/index.htm
Quote
You acknowledge that Yahoo reserves the right to log off accounts that are inactive for an extended period of time.
Outlook.com email
https://www.microsoft.com/en-us/servicesagreement
Quote
You must sign into your Outlook.com inbox and your OneDrive (separately) at least once in a one-year period, otherwise we will close your Outlook.com inbox and your OneDrive for you.
protonmail
https://protonmail.com/terms-and-conditions
Quote
Although it is not the current practice, we reserve the right to suspend or delete accounts that are inactive for over three months. Paid accounts with active paid status are not subject to this measure.
zoho
https://www.zoho.com/terms.html
Quote
We reserve the right to terminate unpaid user accounts that are inactive for a continuous period of 120 days.
These security risks were discussed on Oct 6th, 2013 here.
https://www.onmsft.com/news/your-outlookcom-email-account-name-will-be-recycled-if-inactive-360-days
Quote
According to a new report by PCWorld, Microsoft is recycling Outlook.com email account names if they are left inactive after a certain period of time. Microsoft has made no mention that this recycling of account names would occur, but the company’s Services Agreement does state that you are required to log into your account “periodically.”
Quote
“The Microsoft branded services require that you sign in to your Microsoft account periodically, at a minimum of every 270 days" ... Microsoft’s Services Agreement states.
Quote
When an account becomes inactive, Microsoft will queue that account for deletion. Once that happens and after a total of 360 days, Microsoft will allow that email account name to be available to the public again.
Quote
Yahoo faced criticism over this unused email recycling issue in the past, which sparked an outrage over privacy and security concerns over identity theft
You wouldn't have to worry if you use one of the famous free email services like gmail, yahoo,protonmail etc but if you have an email like [email protected] then your access to the email services expire with a domain or the email plan depending on your service type.
even a regular @yahoo.com account can expire due to inactivity afaik, this length of inactivity time limit is different for each account, based on account age
that's why I think it is best to hide the email address info on our bitcointalk profile
You wouldn't have to worry if you use one of the famous free email services like gmail, yahoo,protonmail etc but if you have an email like [email protected] then your access to the email services expire with a domain or the email plan depending on your service type.
even a regular @yahoo.com account can expire due to inactivity also afaik, this length of inactivity time limit is different for each account, it is based on account age
I was registered in year 2016, so I guess I'm safer.
only if you hide your email address info on your bitcointalk profile and you never use your email address to join any bounty programs
Theymos speculated satoshi's email address was probably hacked when it expired.
Was it Craig Wright?
Did they have whois privacy guard in 2013?
If they did I doubt personal emails came to him.
Dear Craig Wright,
I got your birthday present can you send me your address
Love
Betty (your grandma)....
I dont think that happened.
People ought to register domains for 10 years also when they can...
Theymos speculated satoshi's email address was probably hacked when it expired.
Was it Craig Wright?
How is this possible? You mean a Bitcointalk account here? I thought recovering via email is not possible. Can anyone correct me on this?
What's the name of the account involved? If you can prove ownership then DT can tag the account.
What's the name of the account involved? If you can prove ownership then DT can tag the account.
I was always under the same impression. I thought all you could do with your connected email is lock your account when a hacker tries to change its password and/or email? Was this changed along with the streamlined account recovery process?
I was registered in year 2016, so I guess I'm safer.
If you are using expired email, I guess you are still in the same risk as anyone can re-register that email and reset password. Are emails really expiring? 
Yes? They expire with domain names. Everyone really ought to sort this out when that domain expires.
Theymos speculated satoshi's email address was probably hacked when it expired.
https://cointelegraph.com/news/satoshi-nakamoto-email-account-hacked
Quote
Alleged hacker compromises Satoshi Nakamoto's email account and says to divulge Bitcoin's creator identity details if 25 BTC bounty is fulfilled.
On September 8, BitcoinTalk administrator Michael Marquardt, aka 'theymos', started a new thread untitled '[email protected] is compromised'. He wrote:
"Today I received an email from [email protected] (Satoshi's old email address), the contents of which make me almost certain that the email account is compromised. The email was not spoofed in any way. It seems very likely that either Satoshi's email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps [email protected] expired and then someone else registered it."
On September 8, BitcoinTalk administrator Michael Marquardt, aka 'theymos', started a new thread untitled '[email protected] is compromised'. He wrote:
"Today I received an email from [email protected] (Satoshi's old email address), the contents of which make me almost certain that the email account is compromised. The email was not spoofed in any way. It seems very likely that either Satoshi's email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps [email protected] expired and then someone else registered it."
I see. gmx.com will eventually delete your account if you're inactive for a very long time. Not the ideal company to create an email address for life. If Satoshi is using gmx.com he must have learned that before and so its a throwaway email address to him.
It should be a habit for anyone to keep changing your password from time to time. Its a good practice to do so before someone gets the access to your account.
I was registered in year 2016, so I guess I'm safer.
I'm just wondering if in 2014 staking of address is already happening here in the forum as this one was created on March 19, 2015.
I'm just wondering if in 2014 staking of address is already happening here in the forum as this one was created on March 19, 2015.
My old account from 2014 was hacked because I didn't change its associated email address before it expired. The hacker simply re-registered the email, then used it to change my account password.
How is this possible? You mean a Bitcointalk account here? I thought recovering via email is not possible. Can anyone correct me on this?
What's the name of the account involved? If you can prove ownership then DT can tag the account.
If you have the account e-mail you have complete access to the account. You can recover the password to your e-mail and the account can only be locked from that e-mail as well. If someone else has your e-mail might as well kiss your account goodbye.
My old account from 2014 was hacked because I didn't change its associated email address before it expired. The hacker simply re-registered the email, then used it to change my account password.
How is this possible? You mean a Bitcointalk account here? I thought recovering via email is not possible. Can anyone correct me on this?
What's the name of the account involved? If you can prove ownership then DT can tag the account.
Are emails really expiring?
Yes, if you use a custom domain name or your email is associated with business including your domain. You wouldn't have to worry if you use one of the famous free email services like gmail, yahoo,protonmail etc but if you have an email like [email protected] then your access to the email services expire with a domain or the email plan depending on your service type.On a side note, I just got a notification for my email expiry from google that if I don't pay my bill before 3rd June I will lose access to my account.
Are emails really expiring?
Yes? They expire with domain names. Everyone really ought to sort this out when that domain expires.
Theymos speculated satoshi's email address was probably hacked when it expired.
https://cointelegraph.com/news/satoshi-nakamoto-email-account-hacked
Quote
Alleged hacker compromises Satoshi Nakamoto's email account and says to divulge Bitcoin's creator identity details if 25 BTC bounty is fulfilled.
On September 8, BitcoinTalk administrator Michael Marquardt, aka 'theymos', started a new thread untitled '[email protected] is compromised'. He wrote:
"Today I received an email from [email protected] (Satoshi's old email address), the contents of which make me almost certain that the email account is compromised. The email was not spoofed in any way. It seems very likely that either Satoshi's email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps [email protected] expired and then someone else registered it."
On September 8, BitcoinTalk administrator Michael Marquardt, aka 'theymos', started a new thread untitled '[email protected] is compromised'. He wrote:
"Today I received an email from [email protected] (Satoshi's old email address), the contents of which make me almost certain that the email account is compromised. The email was not spoofed in any way. It seems very likely that either Satoshi's email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps [email protected] expired and then someone else registered it."
Are emails really expiring?
Yes? They expire with domain names. Everyone really ought to sort this out when that domain expires.
You can publicly view some users' email addresses directly on this site anyway, some might be coming from their profiles.
Are emails really expiring?
Some email service providers close your account if you don't log in for a long time. My provider closes accounts that haven't logged in for a year, and it allows new registrations using old email addresses.
A hacker must have got my email address from the hacked database and registered it when it became available.
Although I can get my account back by signing a message, not everyone staked a bitcoin address here. Without that staked address it would be difficult getting an account back.
Are emails really expiring?
Anyway, you can probably get your account back if you want, https://bitcointalksearch.org/topic/recovering-hackedlost-accounts-5089777
Anyway, you can probably get your account back if you want, https://bitcointalksearch.org/topic/recovering-hackedlost-accounts-5089777
Jump to: