Author

Topic: Coinedup OpenID bug! - coins stolen (Read 2538 times)

hero member
Activity: 602
Merit: 500
December 16, 2013, 02:40:16 PM
#16
Update

CoinedUp is still looking into into the problem and are keeping Yahoo OpenID disabled for now.

They refunded me my btc!! Goodguys CoinedUp

wow thats amazing! Good for you. Coinedup is always down, but its completely free and they even refund you your BTC. Again, much respect.
bsd
newbie
Activity: 34
Merit: 0
December 16, 2013, 02:19:17 PM
#15
Update

CoinedUp is still looking into into the problem and are keeping Yahoo OpenID disabled for now.

They refunded me my btc!! Goodguys CoinedUp
full member
Activity: 239
Merit: 100
Socialist Cryptocurrency Devote
December 16, 2013, 01:13:53 AM
#14
Mate I am really sorry this happened, what is scarier is that a third party had access to the coins which makes me think that this could be a much more widespread issue. I never did like openid, never made much sense to me, I mean I have had my emails get hacked more often than I have had anything else get hacked, which is why I use more secure passwords now. I really wish I had written down the email of the previous guy who had his email put as the account's email address, that might have helped the situation however I didn't want to be creepy and write down some random guy's email when for all I knew I was logging into his account and not my own.
bsd
newbie
Activity: 34
Merit: 0
December 15, 2013, 08:23:01 PM
#13
UPDATE from Reddit:

pete_coinedup 2 points 35 minutes ago*
Hello,
We did indeed respond you your email. We're going to shutdown any yahoo OpenID logins until we can investigate further. However, like we said in the email response, we are willing to help investigate. If there indeed a problem, then I'm sure can resolve it. Our main goal is customer satisfaction.


I'll keep everyone posted.
bsd
newbie
Activity: 34
Merit: 0
December 15, 2013, 08:00:46 PM
#12
First of all I would have made money then buying doges and flipping them.

I logged in for the first time and didn't look at the past transactions. There were a bunch from the past 2 days.
After my btc was gone like that South Park bank episode, I looked in the account settings and saw a different e-mail (name) that happened to be rocketmail.
Then I clicked everything and saw the past transactions. Yea I know partially my fault so I'm not totally going nuts over this.
My password was stupid long and it was an older Yahoo account that I never really use. It doesn't make sense.
sr. member
Activity: 308
Merit: 292
★YoBit.Net★ 350+ Coins Exchange & Dice
December 15, 2013, 07:43:50 PM
#11
So how did this happen? A rocketmail account with same name stole your btc?
sr. member
Activity: 462
Merit: 250
December 15, 2013, 07:41:58 PM
#10
You sent .5 BTC there to buy dogecoin.  You were losing that .5 BTC either way.
bsd
newbie
Activity: 34
Merit: 0
December 15, 2013, 07:31:15 PM
#9
They replied to my e-mail and I replied back with my logs so I'm waiting on their next response.

Their first reply:

Hello,

Thank you for contacting us.

Our preliminary investigation shows that there is one, and only one, OpenID attached to your account.

We will investigate further to provide you with more information about a potential hack, but there is certainly no sharing of 'rocketmail' and 'yahoo' OpedID keys.

Is there any more information you can add that will help us investigate?

Regards,
Team CoinedUp Support
full member
Activity: 201
Merit: 100
December 15, 2013, 07:15:34 PM
#8
wow. much scary. hopes this gets resolved asap. have moved my doges elsewhere until then unfortunately.
bsd
newbie
Activity: 34
Merit: 0
December 15, 2013, 06:46:01 PM
#7
We don't know yet whose fault it is.

It's probably only a bug with Yahoo OpenID but I really don't know.

I guess for now check your transaction history and e-mail stored at coinedup every time you login until this is resolved.
legendary
Activity: 2100
Merit: 1167
MY RED TRUST LEFT BY SCUMBAGS - READ MY SIG
December 15, 2013, 06:24:49 PM
#6
this sounds terrible, who's fault is this yahoo or the exchange?

How about google id same issue?
legendary
Activity: 1232
Merit: 1000
December 15, 2013, 06:21:28 PM
#5
CoinedUp is down now some ones crazy 11 BTC sell wall just crashed it. such shit. so crap. dogeshit wow.
sr. member
Activity: 812
Merit: 250
The Fourth Generation of Blockchain in DeFi
December 15, 2013, 06:13:19 PM
#4
Thanks for the warning of course!
bsd
newbie
Activity: 34
Merit: 0
December 15, 2013, 06:11:41 PM
#3
Possibly. I still want to warn people though until this is resolved.
sr. member
Activity: 812
Merit: 250
The Fourth Generation of Blockchain in DeFi
December 15, 2013, 06:09:35 PM
#2
Not sure I understand, isn't Yahoo at fault?
bsd
newbie
Activity: 34
Merit: 0
December 15, 2013, 06:07:47 PM
#1
Warning!!! Don't login with Yahoo OpenID to coinedup.com

My reddit post that has gotten ZERO response in 16 hours (no e-mail back either):
 http://www.reddit.com/r/CoinedUp/comments/1sx42y/warning_your_yahoo_openid_allows_2_different/

I used an old burner Yahoo e-mail address with a stupid-long password to login to coinedup and it had a rocketmail.com (Yahoo owned) e-mail saved as the owner with previous transactions.

I didn't realize it Sad and I got robbed of ~.5btc pretty quick Sad I was trying to buy dogecoins of course.

How to replicate the problem: Go to: http://openid.yahoo.com/ and click "Get Started" and then login to your Yahoo.com e-mail address.
On the next screen you'll see: Your OpenID identifiers: followed by a long https://me.yahoo.com/a/whatever address
Use that https://me.yahoo.com/a/whatever URL to login to CoinedUp and surprise - a rocketmail.com account has previous transactions and can rob your account.

Fucking sucks. Fix your shit. I'm sure I'm not the only one.

This is the only btc address I used for coinedup: 1KD8mERwt1rBZz9TzvV3EyHA4MrBXmRNvY

so w**@rocketmail.com who stole a little under .5btc please give it back thief.

**UPDATE: The guy who I thought stole my coins e-mailed me and said had the same problem and someone else emptied the account. I'll post updates.
**UPDATE: CoinedUp refunded me my btc!! Goodguys CoinedUp
Jump to: