Despite email confirmation, accounts still got hacked

Dorkie

member

Activity: 420

Merit: 13

Quote from: ibminer on December 14, 2017, 10:27:48 AM

If you had never posted a BTC address in the past on that account, you are not likely to get it recovered. However, the account does appear to have changed hands to me and I've left feedback to warn others.

Thank you, thank you, thank you, thank you, thank you, and thank you for your gesture of support.

ibminer

legendary

Activity: 1789

Merit: 2535

Goonies never say die.

If you had never posted a BTC address in the past on that account, you are not likely to get it recovered. However, the account does appear to have changed hands to me and I've left feedback to warn others.

Dorkie

member

Activity: 420

Merit: 13

Quote from: mprep on December 14, 2017, 10:00:38 AM

Because they either haven't checked their email, have checked it after the 14 days have passed, have set their email to a random bit of text / lost access over their email account, had their account hacked before the notification was implemented or blocked it via the aforementioned means and have not posted / PMed a BTC address or PGP public key in order to recover it.

Since I never stake any bitcoin address here, so I guess my hacked account is 100% unrecoverable.
Yes, I can email/pm theymos and every other person in charge but I don't think they will entertain me.

They will probably laugh in their hearts and say within themselves, "Ha ha haaa, serves you right, Dorky, for not staking your bitcoin address here. Tough luck for you. There is nothing I can/will do about it."

mprep

global moderator

Activity: 3766

Merit: 2610

In a world of peaches, don't ask for apple sauce

Quote from: Dorkie on December 14, 2017, 09:54:06 AM

Quote from: mprep on December 14, 2017, 09:52:34 AM

As it's written within the thread, it notifies a user and allows him to block the account within 14 days.

Why then do we still see accounts getting hacked and the original owners reporting the hacks here?

Because they either haven't checked their email, have checked it after the 14 days have passed, have set their email to a random bit of text / lost access over their email account, had their account hacked before the notification was implemented or blocked it via the aforementioned means and have not posted / PMed a BTC address or PGP public key in order to recover it.

Dorkie

member

Activity: 420

Merit: 13

Quote from: mprep on December 14, 2017, 09:52:34 AM

As it's written within the thread, it notifies a user and allows him to block the account within 14 days.

Why then do we still see accounts getting hacked and the original owners reporting the hacks here?

mprep

global moderator

Activity: 3766

Merit: 2610

In a world of peaches, don't ask for apple sauce

Quote from: Dorkie on December 14, 2017, 09:45:35 AM

Quote from: mprep on December 14, 2017, 09:11:59 AM

There is no email confirmation (you can set your email to pretty much anything AFAIK). Ask theymos why; I'm not quite sure myself. It'd stop most of these recent hacks.

I found this previous post by theymos himself on email security notification @ https://bitcointalksearch.org/topic/email-security-notifications-2282758

Quote from: theymos on October 17, 2017, 10:47:10 PM

I added email notifications for some security events:

Whenever your password is changed (except by an administrator), you will get an email about it.

Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.

Let me know if you find any bugs.

Are you telling me this email security notification was just a show (i.e. lip service)? And that nothing significant was really implemented / put in place to secure the account?

My goodness. How deep does the admins' corruption goes.

As it's written within the thread, it notifies a user and allows him to block the account within 14 days. Afterwhich the user has to go through the stickied procedure (signed message) to recover their account.

Dorkie

member

Activity: 420

Merit: 13

Quote from: mprep on December 14, 2017, 09:11:59 AM

There is no email confirmation (you can set your email to pretty much anything AFAIK). Ask theymos why; I'm not quite sure myself. It'd stop most of these recent hacks.

I found this previous post by theymos himself on email security notification @ https://bitcointalksearch.org/topic/email-security-notifications-2282758

Quote from: theymos on October 17, 2017, 10:47:10 PM

I added email notifications for some security events:

Whenever your password is changed (except by an administrator), you will get an email about it.

Whenever your email is changed (except by an administrator), your old email will get an email about it with a link to lock your account. The link is valid for 14 days.

Let me know if you find any bugs.

Are you telling me this email security notification was just a show (i.e. lip service)? And that nothing significant was really implemented / put in place to secure the account?

My goodness. How deep does the admins' corruption goes.

mprep

global moderator

Activity: 3766

Merit: 2610

In a world of peaches, don't ask for apple sauce

There is no email confirmation (you can set your email to pretty much anything AFAIK). Ask theymos why; I'm not quite sure myself. It'd stop most of these recent hacks.

Dorkie

member

Activity: 420

Merit: 13

Despite email confirmation in place, accounts still got hacked.

Man, you admin and mod guys at Bitcointalk forum are truly genuinely sinful and corrupt.

If I were in charge of this forum, I would have killed ALL account hacks within the very first year itself.

Either you guys are purely incompetent or else all the persistent account hacks are deliberate and endorsed by the admin themselves.

Topic: Despite email confirmation, accounts still got hacked (Read 134 times)