
Topic: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE) - page 2. (Read 36695 times)

full member
Activity: 185
Merit: 121


Thout Shall NOT.... er...

Said Moses descending MtGox,

"I was lucky to escape in me jocks."

"Your bitcoins are gorne,"

"But the good news is porn..."

"...and Viagra spam's filling your inbox."
sr. member
Activity: 504
Merit: 250
The salt should have a random part per user stored in the database and a static part per site stored in some include file.
The first part prevents massive parallelization, rainbow tables etc.
The second part keeps the password secure when only the database is leaked (ex. a SQL injection that does not escalate to code execution). In the case of MtGox it wouldn't have helped since the read-only account probably had source access too.

Extending this idea, email can be stored using reversible encryption. Thus a simple database leak is not sufficient to compromise all emails, you need local access to the source.
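An added example, not from the thread and not MtGox's code: one way to combine a random per-user salt stored in the database with a static site secret kept outside it, as the post above describes. PBKDF2-HMAC-SHA256, the iteration count, the record layout and every name here are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

# Assumption: the static site secret lives in an include file or secret store,
# never in the database. This value is constructed for the example.
SITE_SECRET = bytes.fromhex("5a" * 32)
ITERATIONS = 200_000  # assumed work factor


def _derive(password: str, salt: bytes, site_secret: bytes) -> bytes:
    # Static part: key the password with the site secret, so a database-only
    # leak does not give an attacker enough to test guesses.
    keyed = hmac.new(site_secret, password.encode("utf-8"), hashlib.sha256).digest()
    # Random part: the per-user salt makes every record a separate cracking job
    # and makes precomputed tables useless.
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, ITERATIONS)


def hash_password(password: str, site_secret: bytes = SITE_SECRET) -> dict:
    """Return the two values that are stored in the user's database row."""
    salt = secrets.token_bytes(16)
    return {"salt": salt.hex(), "hash": _derive(password, salt, site_secret).hex()}


def verify_password(password: str, record: dict, site_secret: bytes = SITE_SECRET) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    expected = bytes.fromhex(record["hash"])
    actual = _derive(password, bytes.fromhex(record["salt"]), site_secret)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    row_a = hash_password("correct horse")   # constructed sample passwords
    row_b = hash_password("correct horse")
    print("same password, different rows:", row_a["hash"] != row_b["hash"])
    print("login with site secret:", verify_password("correct horse", row_a))
    # Someone holding only the database rows has to guess the site secret too.
    print("check without site secret:",
          verify_password("correct horse", row_a, site_secret=b"\x00" * 32))
```

As the post notes, the static part only helps while the include file stays private; a leak that also exposes the source exposes the secret.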
kjj
legendary
Activity: 1302
Merit: 1026
Salts should include something unique for the site! I'm not sure this is the case here, it would alleviate the problem with re-using password-hashes between many sites.

Salts have been random for two months.  That's even better than being unique to the site.
member
Activity: 84
Merit: 10
I couldn't believe it is real.
sr. member
Activity: 440
Merit: 250
Salts should include something unique for the site! I'm not sure this is the case here, it would alleviate the problem with re-using password-hashes between many sites.
hero member
Activity: 686
Merit: 564
http://blog.zorinaq.com/?e=55 says "...Contrary to previous claims from the MtGox owner, this indicates that many accounts had been compromised for at least days, if not weeks, before today's attack. This may explain some of the reports of Bitcoins being stolen from MtGox accounts in the previous days and weeks, as reported on the forums."

Something doesn't add up. My password on the posted .csv was created on the evening of June 16 west coast time. If blog.zorinaq.com is correct, then there were at least two separate seizures or losses of user lists from Gox, the first being long before Friday's release.
Looks very much like there was some kind of ongoing compromise that caused the password list to be leaked on more than one occasion over a period of at least two days, yes. Probably more than that if we assume the attacker attempted to brute-force the passwords themselves before posting on that forum or offering them for sale.
sr. member
Activity: 336
Merit: 250
I woke up this morning to see my email account was taken over. Everyone on that list should assume the passwords have been compromised - I have since retaken my account.

I think someone tried to get into mine, which may mean my hashed password on the list was cracked? Gmail reported "suspicious activity" when I logged in this evening. You can be sure that I changed my password and that this will be prompting me to take a closer look at ALL my computer security protocols and settings. Perhaps this is a good wake-up for the community; up till now a lot of people have not taken their bitcoin security very seriously.
newbie
Activity: 56
Merit: 0
I woke up this morning to see my email account was taken over. Everyone on that list should assume the passwords have been compromised - I have since retaken my account.
newbie
Activity: 26
Merit: 0
I changed my password around 8:30PM USA west coast time June 16, so it was after that they got the data.

That puts it between Sunday the 12th and 16th that the data was stolen.

It couldn't have been before the 16th because I made up the password in the .csv on the 16th.

In post #75 above we have a link to a hash generator. I checked my "before" and "after" passwords. The hash in the .csv represents my "after" password, i.e., I created it at 8:30PM USA west coast time on the 16th. The data loss could not have occurred before then, my new password didn't exist.
newbie
Activity: 26
Merit: 0
I changed my password around 8:30PM USA west coast time June 16, so it was after that they got the data.

http://blog.zorinaq.com/?e=55 says "...Contrary to previous claims from the MtGox owner, this indicates that many accounts had been compromised for at least days, if not weeks, before today's attack. This may explain some of the reports of Bitcoins being stolen from MtGox accounts in the previous days and weeks, as reported on the forums."

Something doesn't add up. My password on the posted .csv was created on the evening of June 16 west coast time. If blog.zorinaq.com is correct, then there were at least two separate seizures or losses of user lists from Gox, the first being long before Friday's release.

What am I missing? I am not the smartest rock in the forest.
jr. member
Activity: 42
Merit: 2
I hope you guys are interested in buying Viagra and increasing the size of your penis.
Ha ha, yes, brace for spam impact! Especially watch out for Bitcoin email scams in the future. This email database guarantees a high percentage of obsessed people within a narrow theme. Any scammer would be delighted to receive such a valuable CSV file.
newbie
Activity: 56
Merit: 0
..... password hack - About 717 quattuorvigintillion years

paranoid - Yes

Just because they really are out to get you doesn't mean you aren't paranoid.
newbie
Activity: 18
Merit: 0
I changed my password around 8:30PM USA west coast time June 16, so it was after that they got the data.

That puts it between Sunday the 12th and 16th that the data was stolen.
newbie
Activity: 26
Merit: 0
I changed my password around 8:30PM USA west coast time June 16, so it was after that they got the data.
newbie
Activity: 18
Merit: 0
On this site you can create your md5 hash if you are not sure which pw you used or just want to check if it is in there:

http://www.insidepro.com/hashes.php?lang=eng

newer hash starting with $1$:
enter password and salt. you will find your hash at "MD5(Unix)"

salt is between the second and the third $ character:
$1$/gKxns/A$42b18btDR4VVUJR8hOEqW0

hash goes after the third $ character:
$1$/gKxns/A$42b18btDR4VVUJR8hOEqW0

I am not affiliated in any way with the site and cannot tell if they are trustworthy. So only check if your password is weak or you have changed it everywhere else.

When the Gox problems first came up a few days ago I went in and changed my password. They have the *new* password. I have $4.65 in Gox and the new password is unique to Gox. It feels spooky but I guess I dodged a bullet...unless the hoodlums have more info Gox isn't talking about.

Thanks for posting that link.

The link was very helpful. Now I know what password was stolen. It appears that this data was recent within the past few days because I changed my pass last week.
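The `$1$salt$hash` layout from the post above, as an added example that is not part of the thread: a small parser that splits an MD5(Unix) string into salt and digest and audits a credential table for entries that are not salted this way or that share a salt. The function names are hypothetical, and every sample row except the one string quoted in the post is constructed.

```python
import re

# MD5(Unix) / md5crypt layout: $1$<salt, at most 8 chars>$<22-char digest>,
# both drawn from the alphabet ./0-9A-Za-z
MD5CRYPT = re.compile(r"^\$1\$([./0-9A-Za-z]{0,8})\$([./0-9A-Za-z]{22})$")
RAW_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")  # plain hex MD5, no salt field at all


def classify(stored: str) -> dict:
    """Identify the storage scheme of one hash string and split out its fields."""
    stored = stored.strip()
    m = MD5CRYPT.match(stored)
    if m:
        return {"scheme": "md5crypt", "salt": m.group(1), "digest": m.group(2)}
    if RAW_MD5.match(stored):
        return {"scheme": "unsalted-md5", "salt": None, "digest": stored.lower()}
    return {"scheme": "unknown", "salt": None, "digest": None}


def audit(rows) -> dict:
    """rows: iterable of (user_id, stored_hash). Groups users by scheme and
    reports salts used by more than one account."""
    report = {"md5crypt": [], "unsalted-md5": [], "unknown": []}
    by_salt = {}
    for user_id, stored in rows:
        info = classify(stored)
        report[info["scheme"]].append(user_id)
        if info["salt"] is not None:
            by_salt.setdefault(info["salt"], []).append(user_id)
    # A salt shared between accounts no longer isolates them from each other.
    report["shared_salts"] = {s: u for s, u in by_salt.items() if len(u) > 1}
    return report


SAMPLE_ROWS = [
    (1, "$1$/gKxns/A$42b18btDR4VVUJR8hOEqW0"),  # the string quoted in the post
    (2, "d41d8cd98f00b204e9800998ecf8427e"),    # constructed: MD5 of the empty string
    (3, "$1$/gKxns/A$" + "A" * 22),             # constructed: same salt reused
    (4, "$1$short$tooShort"),                   # constructed: malformed digest
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE_ROWS).items():
        print(key, value)
```

Accounts reported under `unsalted-md5` or `shared_salts` are the ones to prioritise for a forced password reset and rehash.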
newbie
Activity: 26
Merit: 0
Quote
It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.

No, you weren’t hacked, you employed people with as much responsibility, professionalism, and sense of duty as you: none.

It makes it OK that it was "someone else" and not you? Earlier you blamed each victimized user even as the complaints mounted.

Gox' character seems at the level of an immature 12 year old.
newbie
Activity: 26
Merit: 0
On this site you can create your md5 hash if you are not sure which pw you used or just want to check if it is in there:

http://www.insidepro.com/hashes.php?lang=eng

newer hash starting with $1$:
enter password and salt. you will find your hash at "MD5(Unix)"

salt is between the second and the third $ character:
$1$/gKxns/A$42b18btDR4VVUJR8hOEqW0

hash goes after the third $ character:
$1$/gKxns/A$42b18btDR4VVUJR8hOEqW0

I am not affiliated in any way with the site and cannot tell if they are trustworthy. So only check if your password is weak or you have changed it everywhere else.

When the Gox problems first came up a few days ago I went in and changed my password. They have the *new* password. I have $4.65 in Gox and the new password is unique to Gox. It feels spooky but I guess I dodged a bullet...unless the hoodlums have more info Gox isn't talking about.

Thanks for posting that link.
full member
Activity: 140
Merit: 101
I hope you guys are interested in buying Viagra and increasing the size of your penis.

Now that's funny shit. I don't care who you are!!!! Already spammed from a Tradehill promoter. Thrice!!!
member
Activity: 70
Merit: 10
LOL @ someone messaging me and wanting this removed. Even if this thread was removed, the file has already been leaked.

If it's out there, you might as well let it be.
full member
Activity: 154
Merit: 100
Quote
Is it possible to get the list of names etc in alphabetical order?

just import said csv into spreadsheet program and sort that column