Coinedup OpenID bug! - coins stolen | Bitcointalksearch.org

albertdros

hero member

Activity: 602

Merit: 500

Quote from: bsd on December 16, 2013, 03:19:17 PM

Update

CoinedUp is still looking into into the problem and are keeping Yahoo OpenID disabled for now.

They refunded me my btc!! Goodguys CoinedUp

wow thats amazing! Good for you. Coinedup is always down, but its completely free and they even refund you your BTC. Again, much respect.

bsd

newbie

Activity: 34

Merit: 0

Update

CoinedUp is still looking into into the problem and are keeping Yahoo OpenID disabled for now.

They refunded me my btc!! Goodguys CoinedUp

theprofileth

full member

Activity: 239

Merit: 100

Socialist Cryptocurrency Devote

Mate I am really sorry this happened, what is scarier is that a third party had access to the coins which makes me think that this could be a much more widespread issue. I never did like openid, never made much sense to me, I mean I have had my emails get hacked more often than I have had anything else get hacked, which is why I use more secure passwords now. I really wish I had written down the email of the previous guy who had his email put as the account's email address, that might have helped the situation however I didn't want to be creepy and write down some random guy's email when for all I knew I was logging into his account and not my own.

bsd

newbie

Activity: 34

Merit: 0

UPDATE from Reddit:

pete_coinedup 2 points 35 minutes ago*
Hello,
We did indeed respond you your email. We're going to shutdown any yahoo OpenID logins until we can investigate further. However, like we said in the email response, we are willing to help investigate. If there indeed a problem, then I'm sure can resolve it. Our main goal is customer satisfaction.

I'll keep everyone posted.

bsd

newbie

Activity: 34

Merit: 0

First of all I would have made money then buying doges and flipping them.

I logged in for the first time and didn't look at the past transactions. There were a bunch from the past 2 days.
After my btc was gone like that South Park bank episode, I looked in the account settings and saw a different e-mail (name) that happened to be rocketmail.
Then I clicked everything and saw the past transactions. Yea I know partially my fault so I'm not totally going nuts over this.
My password was stupid long and it was an older Yahoo account that I never really use. It doesn't make sense.

eon89

sr. member

Activity: 308

Merit: 292

★YoBit.Net★ 350+ Coins Exchange & Dice

So how did this happen? A rocketmail account with same name stole your btc?

sixteendigits

sr. member

Activity: 462

Merit: 250

You sent .5 BTC there to buy dogecoin. You were losing that .5 BTC either way.

bsd

newbie

Activity: 34

Merit: 0

They replied to my e-mail and I replied back with my logs so I'm waiting on their next response.

Their first reply:

Hello,

Thank you for contacting us.

Our preliminary investigation shows that there is one, and only one, OpenID attached to your account.

We will investigate further to provide you with more information about a potential hack, but there is certainly no sharing of 'rocketmail' and 'yahoo' OpedID keys.

Is there any more information you can add that will help us investigate?

Regards,
Team CoinedUp Support

acejudas

full member

Activity: 201

Merit: 100

wow. much scary. hopes this gets resolved asap. have moved my doges elsewhere until then unfortunately.

bsd

newbie

Activity: 34

Merit: 0

We don't know yet whose fault it is.

It's probably only a bug with Yahoo OpenID but I really don't know.

I guess for now check your transaction history and e-mail stored at coinedup every time you login until this is resolved.

cryptohunter

legendary

Activity: 2100

Merit: 1167

MY RED TRUST LEFT BY SCUMBAGS - READ MY SIG

this sounds terrible, who's fault is this yahoo or the exchange?

How about google id same issue?

tokyoghetto

legendary

Activity: 1232

Merit: 1000

CoinedUp is down now some ones crazy 11 BTC sell wall just crashed it. such shit. so crap. dogeshit wow.

peterlustig

sr. member

Activity: 812

Merit: 250

The Fourth Generation of Blockchain in DeFi

Thanks for the warning of course!

bsd

newbie

Activity: 34

Merit: 0

Possibly. I still want to warn people though until this is resolved.

peterlustig

sr. member

Activity: 812

Merit: 250

The Fourth Generation of Blockchain in DeFi

Not sure I understand, isn't Yahoo at fault?

bsd

newbie

Activity: 34

Merit: 0

Warning!!! Don't login with Yahoo OpenID to coinedup.com

My reddit post that has gotten ZERO response in 16 hours (no e-mail back either):
http://www.reddit.com/r/CoinedUp/comments/1sx42y/warning_your_yahoo_openid_allows_2_different/

I used an old burner Yahoo e-mail address with a stupid-long password to login to coinedup and it had a rocketmail.com (Yahoo owned) e-mail saved as the owner with previous transactions.

I didn't realize it Sad

and I got robbed of ~.5btc pretty quick Sad

I was trying to buy dogecoins of course.

How to replicate the problem: Go to: http://openid.yahoo.com/ and click "Get Started" and then login to your Yahoo.com e-mail address.
On the next screen you'll see: Your OpenID identifiers: followed by a long https://me.yahoo.com/a/whatever address
Use that https://me.yahoo.com/a/whatever URL to login to CoinedUp and surprise - a rocketmail.com account has previous transactions and can rob your account.

Fucking sucks. Fix your shit. I'm sure I'm not the only one.

This is the only btc address I used for coinedup: 1KD8mERwt1rBZz9TzvV3EyHA4MrBXmRNvY

so w**@rocketmail.com who stole a little under .5btc please give it back thief.

**UPDATE: The guy who I thought stole my coins e-mailed me and said had the same problem and someone else emptied the account. I'll post updates.
**UPDATE: CoinedUp refunded me my btc!! Goodguys CoinedUp

Topic: Coinedup OpenID bug! - coins stolen (Read 2529 times)