Topic: Change your passwords (and secret question) (Suggest stake address) - page 2. (Read 2033 times)

I think it's quite weird that you can change your email address without first accepting the change via an email sent to the old email address. The hacker can change everything this way.

Confirming every important profile change via an email sent to the main email address is normal nearly everywhere, but here not. 

I suggest reading theymos post: https://bitcointalksearch.org/topic/about-the-recent-server-compromise-1067985

It depends on length of password, and what was taken.   And things such as IP i would not guess are to long.  So it's hard to say.   I hope nothing comes out as far as info but guess we will see over time.

I changed my password, it's the first thing I did when I logged in just now, I didn't read the email but I was following what was happening through bitcointalk twitter and I read there that password hashes were compromised.

I never used a secret question so there was nothing to be changed there. Do one has to change his email also? I didn't change it because if it was already leaked then nothing can be done now and all you have to do is deal with extra spam that will probably come there.

thanks for the information . i have recently changed my password .
it was a ache all over to know that the site is down . but happy to know its back up again.

I regularly change my passwords for all my accounts on all the sites I register as a rule any way, so it's not such a big deal.

It's the accounts with the short passwords and the ones where people rarely change passwords, where the trouble starts.

Nothing is bulletproof, but you have to mix things up to make it more difficult. 

Hope this is the end to all of these hacks... kudo's for everyone involved in the restoration of the forum. 

Just Now received the same email from bitcointalk.
Thanks theymos for Informing us about this issue,

The forum had been down several days, there were some posts on the web about it.  The site owner had taken the forum down several time to investigate the issue.
Did the email reach your spam folder by any chance?

i have never received the email.

but now i changed my password and secret question. the previous password was strong and only were used here so i am not worried i changed it to a newer and stronger one.

and the email i used here is already receiving spam, but it is a shame that all Email addresses was compromised

Was only the password hash leaked? What are the chances of someone finding a password once its been hashed with sha256crypt 7500 rounds? Wouldn't they be limited to dictionary attacks?

Yeah I never bothered with the secret question either, I'd have probably forgotten what it was by now anyway (writing it down kind of defeats the point of it being secret ).
Already changed my password just in case, not really fussed about my email as it's a throwaway used to register this account.

The IP is kinda a pain.  I need to have a time when I can release and renew on my router a few times to try to get a new IP.   

That is a good point if you have the ability to change your IP it is also a good idea to do so. 

never used a secret question, well i did use it at the beginning then i removed it, not needed i think, i received an email with this exact text information, but the forum was down at that moment

besides the password if they stole you the others info, it's not a big deal i suppose, especially with dynamic ip and if you used a trash email for your registration

Just in case anyone missed the past few day's of downtime.  Change your passwords!  And secret question if you use it.  Everyone I think should have gotten email saying this as well.

I also should have said this earlier but I suggest all to stake a btc address - https://bitcointalksearch.org/topic/m.11448313

I for one did not realize how much I would miss this forum.  Great to have it back up!


All accounts should have received this email a day or two ago:


You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
 - Email address
 - Password hash
 - Last-used IP address and registration IP address
 - Secret question and a basic (not brute-force-resistant) hash of your
 secret answer
 - Various settings

You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".

If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.

Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.

While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.

I apologize for the inconvenience and for any trouble that this may cause.