Author

Topic: CHANGE YOUR EXPIRED EMAIL ADDRESS OR GET HACKED (Read 517 times)

newbie
Activity: 7
Merit: 6
bump
jr. member
Activity: 266
Merit: 4
This is something we really have to look into and do the needful. We should try and check whether our emails are still functioning to avoid stories that touches the heart. No joy for hackers this days
hero member
Activity: 3038
Merit: 617
You wouldn't have to worry if you use one of the famous free email services like gmail, yahoo,protonmail etc but if you have an email like [email protected] then your access to the email services expire with a domain or the email plan depending on your service type.
even a regular @yahoo.com account can expire due to inactivity
also afaik, this length of inactivity time limit is different for each account, it is based on account age

I was registered in year 2016, so I guess I'm safer.
only if you hide your email address info on your bitcointalk profile
and you never use your email address to join any bounty programs

I didn't know that.  Recovering accounts in websites like bitcointalk is possible so getting the accounts expire is very dangerous. I have my email in yahoo that I have been using since the time I got into the internet. I was using it to signup even on facebook, I will try to log that in later. My question though is that if it expire, does it mean that all the contents in that email address will also be gone or it can be there still when someone registers it again?
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
tldr

If you don't periodically log into an email address you only use for bitcointalk a hacker might use it to hack your account here.

To solve the problem change the email address in your profile to one that can't exist because it has an invalid domain name. I just changed mine to [email protected]. Bitcointalk accepted it as a valid email, but the domain .exist is invalid, so a hacker can't use it.

Stake a bitcoin address you control here before changing to an invalid email address.
Signing a bitcoin message and staking it in that thread is important, but I am not sure that changing email to invalid one will make account recovery procedure (when we need) become harder and requires more time or not.
There are so many ways to hack accounts, so changing to invalid email address does not solve all things.
IMO, setup both strong passwords for email (used to register account), account, and bitcoin wallet. Then sign a bitcoin message and stake it. All those things will keep us safely from hacks. Even with hacks, we can recover account for sure.
Personally, I don't see reasons to change to invalid email address.
Not only this, users can also check log-in IP history to regularly check irregular log-in IPs, that might be a good indicator of potential hack.
https://bitcointalk.org/myips.php
newbie
Activity: 7
Merit: 6
tldr

If you don't periodically log into an email address you only use for bitcointalk a hacker might use it to hack your account here.

To solve the problem change the email address in your profile to one that can't exist because it has an invalid domain name. I just changed mine to [email protected]. Bitcointalk accepted it as a valid email, but the domain .exist is invalid, so a hacker can't use it.

Stake a bitcoin address you control here before changing to an invalid email address.

Most email providers delete inactive accounts and allow their names to be recycled. Here's a list of some popular email providers and the time limits inactive accounts can expire after. If you haven't logged in within the time limits shown your account could get deleted.

  • new yahoo accounts - any time limit yahoo wants
  • old (pre June 2017) yahoo accounts - any time limit yahoo wants
  • outlook.com email - a year
  • protonmail - 3 months (although it's not currently enforced)
  • zoho - 120 days


Here's the long bit showing the expiry times in their terms and conditions.

new yahoo accounts

https://policies.oath.com/us/en/oath/terms/otos/index.html

Quote
Unless stated differently for your country in Section 14, we may temporarily or permanently suspend or terminate your account or impose limits on or restrict your access to parts or all of the Services at any time, without notice and for any reason, including, but not limited to, violation of these Terms, court order, or inactivity.


old (pre June 2017) yahoo accounts

https://policies.yahoo.com/us/en/yahoo/terms/utos/index.htm

Quote
You acknowledge that Yahoo reserves the right to log off accounts that are inactive for an extended period of time.



Outlook.com email

https://www.microsoft.com/en-us/servicesagreement

Quote
You must sign into your Outlook.com inbox and your OneDrive (separately) at least once in a one-year period, otherwise we will close your Outlook.com inbox and your OneDrive for you.


protonmail

https://protonmail.com/terms-and-conditions

Quote
Although it is not the current practice, we reserve the right to suspend or delete accounts that are inactive for over three months. Paid accounts with active paid status are not subject to this measure.



zoho

https://www.zoho.com/terms.html

Quote
We reserve the right to terminate unpaid user accounts that are inactive for a continuous period of 120 days.


These security risks were discussed on Oct 6th, 2013 here.

https://www.onmsft.com/news/your-outlookcom-email-account-name-will-be-recycled-if-inactive-360-days

Quote
According to a new report by PCWorld, Microsoft is recycling Outlook.com email account names if they are left inactive after a certain period of time. Microsoft has made no mention that this recycling of account names would occur, but the company’s Services Agreement does state that you are required to log into your account “periodically.”

Quote
“The Microsoft branded services require that you sign in to your Microsoft account periodically, at a minimum of every 270 days" ... Microsoft’s Services Agreement states.

Quote
When an account becomes inactive, Microsoft will queue that account for deletion. Once that happens and after a total of 360 days, Microsoft will allow that email account name to be available to the public again.

Quote
Yahoo faced criticism over this unused email recycling issue in the past, which sparked an outrage over privacy and security concerns over identity theft

legendary
Activity: 1988
Merit: 1317
Get your game girl
You wouldn't have to worry if you use one of the famous free email services like gmail, yahoo,protonmail etc but if you have an email like [email protected] then your access to the email services expire with a domain or the email plan depending on your service type.
even a regular @yahoo.com account can expire due to inactivity
afaik, this length of inactivity time limit is different for each account, based on account age
that's why I think it is best to hide the email address info on our bitcointalk profile
Yes, I agree. Yahoo has an expiry date of 6 months for the accounts that have not logged in. Hiding email addresses on the profile will work but again your email addresses are exposed when you're reporting a post to the moderator. I still don't know why it is that way but it kinda exposes your identity to someone you don't trust.
hero member
Activity: 1232
Merit: 738
Mixing reinvented for your privacy | chipmixer.com
You wouldn't have to worry if you use one of the famous free email services like gmail, yahoo,protonmail etc but if you have an email like [email protected] then your access to the email services expire with a domain or the email plan depending on your service type.
even a regular @yahoo.com account can expire due to inactivity
also afaik, this length of inactivity time limit is different for each account, it is based on account age

I was registered in year 2016, so I guess I'm safer.
only if you hide your email address info on your bitcointalk profile
and you never use your email address to join any bounty programs
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory

Theymos speculated satoshi's email address was probably hacked when it expired.


Was it Craig Wright? Smiley

Did they have whois privacy guard in 2013?



If they did I doubt personal emails came to him.

Dear Craig Wright,

I got your birthday present can you send me your address

Love
Betty (your grandma)....

I dont think that happened.



People ought to register domains for 10 years also when they can...
legendary
Activity: 2814
Merit: 2472
https://JetCash.com

Theymos speculated satoshi's email address was probably hacked when it expired.


Was it Craig Wright? Smiley
hero member
Activity: 1834
Merit: 759
How is this possible? You mean a Bitcointalk account here? I thought recovering via email is not possible. Can anyone correct me on this?

What's the name of the account involved? If you can prove ownership then DT can tag the account.

I was always under the same impression. I thought all you could do with your connected email is lock your account when a hacker tries to change its password and/or email? Was this changed along with the streamlined account recovery process?
hero member
Activity: 1358
Merit: 851
I was registered in year 2016, so I guess I'm safer.
If you are using expired email, I guess you are still in the same risk as anyone can re-register that email and reset password.
hero member
Activity: 3038
Merit: 617
Are emails really expiring?  Shocked

Yes? They expire with domain names. Everyone really ought to sort this out when that domain expires.
 


Theymos speculated satoshi's email address was probably hacked when it expired.

https://cointelegraph.com/news/satoshi-nakamoto-email-account-hacked

Quote
Alleged hacker compromises Satoshi Nakamoto's email account and says to divulge Bitcoin's creator identity details if 25 BTC bounty is fulfilled.

On September 8, BitcoinTalk administrator Michael Marquardt, aka 'theymos', started a new thread untitled '[email protected] is compromised'. He wrote:

    "Today I received an email from [email protected] (Satoshi's old email address), the contents of which make me almost certain that the email account is compromised. The email was not spoofed in any way. It seems very likely that either Satoshi's email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps [email protected] expired and then someone else registered it."

I see. gmx.com will eventually delete your account if you're inactive for a very long time. Not the ideal company to create an email address for life. If Satoshi is using gmx.com he must have learned that before and so its a throwaway email address to him.

It should be a habit for anyone to keep changing your password from time to time. Its a good practice to do so before someone gets the access to your account.

hero member
Activity: 3094
Merit: 606
BTC to the MOON in 2019
I was registered in year 2016, so I guess I'm safer.

I'm just wondering if in 2014 staking of address is already happening here in the forum as this one was created on March 19, 2015.
hero member
Activity: 1218
Merit: 534
My old account from 2014 was hacked because I didn't change its associated email address before it expired. The hacker simply re-registered the email, then used it to change my account password.

How is this possible? You mean a Bitcointalk account here? I thought recovering via email is not possible. Can anyone correct me on this?

What's the name of the account involved? If you can prove ownership then DT can tag the account.

If you have the account e-mail you have complete access to the account.  You can recover the password to your e-mail and the account can only be locked from that e-mail as well.  If someone else has your e-mail might as well kiss your account goodbye.
legendary
Activity: 2688
Merit: 1065
Undeads.com - P2E Runner Game
My old account from 2014 was hacked because I didn't change its associated email address before it expired. The hacker simply re-registered the email, then used it to change my account password.

How is this possible? You mean a Bitcointalk account here? I thought recovering via email is not possible. Can anyone correct me on this?

What's the name of the account involved? If you can prove ownership then DT can tag the account.
legendary
Activity: 1988
Merit: 1317
Get your game girl
Are emails really expiring?  Shocked
Yes, if you use a custom domain name or your email is associated with business including your domain. You wouldn't have to worry if you use one of the famous free email services like gmail, yahoo,protonmail etc but if you have an email like [email protected] then your access to the email services expire with a domain or the email plan depending on your service type.

On a side note, I just got a notification for my email expiry from google that if I don't pay my bill before 3rd June I will lose access to my account.
newbie
Activity: 7
Merit: 6
Are emails really expiring?  Shocked

Yes? They expire with domain names. Everyone really ought to sort this out when that domain expires.
 


Theymos speculated satoshi's email address was probably hacked when it expired.

https://cointelegraph.com/news/satoshi-nakamoto-email-account-hacked

Quote
Alleged hacker compromises Satoshi Nakamoto's email account and says to divulge Bitcoin's creator identity details if 25 BTC bounty is fulfilled.

On September 8, BitcoinTalk administrator Michael Marquardt, aka 'theymos', started a new thread untitled '[email protected] is compromised'. He wrote:

    "Today I received an email from [email protected] (Satoshi's old email address), the contents of which make me almost certain that the email account is compromised. The email was not spoofed in any way. It seems very likely that either Satoshi's email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps [email protected] expired and then someone else registered it."
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Are emails really expiring?  Shocked

Yes? They expire with domain names. Everyone really ought to sort this out when that domain expires.

You can publicly view some users' email addresses directly on this site anyway, some might be coming from their profiles.
newbie
Activity: 7
Merit: 6
Are emails really expiring?  Shocked



Some email service providers close your account if you don't log in for a long time. My provider closes accounts that haven't logged in for a year, and it allows new registrations using old email addresses.

A hacker must have got my email address from the hacked database and registered it when it became available.

Although I can get my account back by signing a message, not everyone staked a bitcoin address here. Without that staked address it would be difficult getting an account back.
legendary
Activity: 2534
Merit: 1517
#1 VIP Crypto Casino
Are emails really expiring?  Shocked

Anyway, you can probably get your account back if you want, https://bitcointalksearch.org/topic/recovering-hackedlost-accounts-5089777
newbie
Activity: 7
Merit: 6
Accounts here are being hacked using expired email addresses they registered with.

The forum database hacked on May 25, 2015 is being sold on the dark net, and hackers are re-registering expired email addresses from it to access bitcointalk accounts.

My old account from 2014 was hacked because I didn't change its associated email address before it expired. The hacker simply re-registered the email, then used it to change my account password.

Don't make the same mistake as me.
Jump to: