Topic: Change your passwords (and secret question) (Suggest stake address) - page 2. (Read 2048 times)

legendary
Activity: 2170
Merit: 1427
I think it's quite weird that you can change your email address without first accepting the change via an email sent to the old email address. The hacker can change everything this way.

Confirming every important profile change via an email sent to the main email address is normal nearly everywhere, but not here.
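
The confirmation step the post above asks for, sketched as an added example (it is not the forum's code and not part of any post): a requested address stays pending until a single-use token mailed to the current address is presented. The class and method names, the TTL and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # seconds a confirmation token stays valid (assumed policy)


class EmailChangeGuard:
    """Hypothetical helper: a new address stays pending until the old mailbox confirms."""
    def __init__(self, accounts):
        self.accounts = accounts   # username -> current email
        self.pending = {}          # username -> (token_hash, new_email, expires_at)
        self.outbox = []           # (recipient, token) pairs standing in for real mail

    def request_change(self, user, new_email, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        # Keep only a hash so a leaked database does not yield usable tokens.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[user] = (digest, new_email, now + TOKEN_TTL)
        # The token goes to the CURRENT address, never to the requested one.
        self.outbox.append((self.accounts[user], token))

    def confirm(self, user, token, now=None):
        now = time.time() if now is None else now
        entry = self.pending.get(user)
        if entry is None:
            return False
        digest, new_email, expires_at = entry
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(digest, supplied):
            return False
        del self.pending[user]  # single use: consumed on match, even if expired
        if now > expires_at:
            return False
        self.accounts[user] = new_email
        return True


def demo():
    # Constructed sample account; addresses use reserved example domains.
    guard = EmailChangeGuard({"alice": "alice@example.org"})
    guard.request_change("alice", "alice.new@example.net", now=1000)
    # Holding the session is not enough: without the mailed token nothing changes.
    blocked = guard.confirm("alice", "guessed-token", now=1001)
    recipient, token = guard.outbox[-1]
    approved = guard.confirm("alice", token, now=1002)
    return blocked, recipient, approved, guard.accounts["alice"]
```
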
legendary
Activity: 1456
Merit: 1000
Just in case anyone missed the past few days of downtime. Change your passwords! And secret question if you use it. Everyone I think should have gotten an email saying this as well.

...

Was only the password hash leaked? What are the chances of someone finding a password once it's been hashed with sha256crypt 7500 rounds? Wouldn't they be limited to dictionary attacks?

I suggest reading theymos' post: https://bitcointalksearch.org/topic/about-the-recent-server-compromise-1067985

It depends on length of password, and what was taken. And things such as IP I would not guess are too long. So it's hard to say. I hope nothing comes out as far as info but guess we will see over time.
hero member
Activity: 812
Merit: 1000
I changed my password, it's the first thing I did when I logged in just now, I didn't read the email but I was following what was happening through bitcointalk twitter and I read there that password hashes were compromised.

I never used a secret question so there was nothing to be changed there. Does one have to change his email also? I didn't change it because if it was already leaked then nothing can be done now and all you have to do is deal with extra spam that will probably come there.
full member
Activity: 140
Merit: 100
Thanks for the information. I have recently changed my password.
It was an ache all over to know that the site is down, but happy to know it's back up again.
legendary
Activity: 1904
Merit: 1074
I regularly change my passwords for all my accounts on all the sites I register as a rule anyway, so it's not such a big deal.

It's the accounts with the short passwords and the ones where people rarely change passwords, where the trouble starts.

Nothing is bulletproof, but you have to mix things up to make it more difficult.

Hope this is the end to all of these hacks... kudos for everyone involved in the restoration of the forum.
legendary
Activity: 3234
Merit: 1654
Just now received the same email from bitcointalk.
Thanks, theymos, for informing us about this issue.
hero member
Activity: 672
Merit: 508
I have never received the email.

But now I changed my password and secret question. The previous password was strong and was only used here, so I am not worried. I changed it to a newer and stronger one.

And the email I used here is already receiving spam, but it is a shame that all email addresses were compromised.

The forum had been down several days, there were some posts on the web about it. The site owner had taken the forum down several times to investigate the issue.
Did the email reach your spam folder by any chance?
legendary
Activity: 3472
Merit: 10611
I have never received the email.

But now I changed my password and secret question. The previous password was strong and was only used here, so I am not worried. I changed it to a newer and stronger one.

And the email I used here is already receiving spam, but it is a shame that all email addresses were compromised.
hero member
Activity: 672
Merit: 508
Just in case anyone missed the past few days of downtime. Change your passwords! And secret question if you use it. Everyone I think should have gotten an email saying this as well.

...

Was only the password hash leaked? What are the chances of someone finding a password once it's been hashed with sha256crypt 7500 rounds? Wouldn't they be limited to dictionary attacks?
hero member
Activity: 630
Merit: 500
Yeah I never bothered with the secret question either, I'd have probably forgotten what it was by now anyway (writing it down kind of defeats the point of it being secret).
Already changed my password just in case, not really fussed about my email as it's a throwaway used to register this account.
legendary
Activity: 1456
Merit: 1000
Never used a secret question. Well, I did use it at the beginning, then I removed it; not needed, I think. I received an email with this exact text information, but the forum was down at that moment.

Besides the password, if they stole your other info, it's not a big deal I suppose, especially with a dynamic IP and if you used a trash email for your registration.

The IP is kinda a pain. I need to have a time when I can release and renew on my router a few times to try to get a new IP.

That is a good point: if you have the ability to change your IP, it is also a good idea to do so.
legendary
Activity: 3248
Merit: 1070
Never used a secret question. Well, I did use it at the beginning, then I removed it; not needed, I think. I received an email with this exact text information, but the forum was down at that moment.

Besides the password, if they stole your other info, it's not a big deal I suppose, especially with a dynamic IP and if you used a trash email for your registration.
legendary
Activity: 1456
Merit: 1000
Just in case anyone missed the past few days of downtime. Change your passwords! And secret question if you use it. Everyone I think should have gotten an email saying this as well.

I also should have said this earlier but I suggest all to stake a btc address - https://bitcointalksearch.org/topic/m.11448313

I for one did not realize how much I would miss this forum.  Great to have it back up!


All accounts should have received this email a day or two ago:


You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
 - Email address
 - Password hash
 - Last-used IP address and registration IP address
 - Secret question and a basic (not brute-force-resistant) hash of your
 secret answer
 - Various settings

You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".

If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.

Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.

While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.

I apologize for the inconvenience and for any trouble that this may cause.