Bitcoin Forum>Bitcoin>Bitcoin Discussion
Pages:
Author

Topic: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE) - page 5. (Read 36635 times)

Caesium
hero member
Activity: 546
Merit: 500
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:37:53 PM
#57
Quote from: Batouzo on June 19, 2011, 06:30:07 PM
On the other hand, if they coded is smartly, they also used extra salt that is only in the source code and not in database  - that one should help indeed.

They didn't. My details are in there and I reproduced the hash for my password with the following perl:

#! /usr/bin/perl
$salt = '$1$SALT$'; # this is the at the start of the salted password in the accounts.csv, it's 8 alphanumeric characters
$pw = 'MY_PLAIN_PASSWORD'; # do this on a secure box, you're entering your password into a text editor.
$encpw = crypt($pw, $salt);
print "Encrypted password: $encpw\n";

Observe how the printed hash equals the bit after the salt in the accounts.csv. Thus no hidden salt or trickery.
Batouzo
member
Activity: 70
Merit: 10
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:36:54 PM
#56
Quote from: bullox on June 19, 2011, 06:19:30 PM
so obviously its md5, and the salt is contained within db entry, but what method are they using to get the unicode characters back into hex strings that most password crackers utilize for reversing md5?

Mother of god...

I'm usually coding a web game page (no money) more securely...
TheBitMan
sr. member
Activity: 280
Merit: 250
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:35:35 PM
#55
Quote from: cypherdoc on June 19, 2011, 06:04:58 PM
is there a way to "search" this csv list for my username instead of scrolling 60K names?
control+f and type in Smiley
Otoh
donator
Activity: 3024
Merit: 1105
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:35:11 PM
#54
Quote from: S3052 on June 19, 2011, 04:40:45 PM
Quote from: Chick on June 19, 2011, 04:03:34 PM
I do not know if this is real or fake. However, this is an direct download link that I hosted. Please comment...

http://bit.ly/kE3Q4D

[Edit: Holy shit, this is real. I found my email & password in the CSV. Shit just got real...]

I cant believe that.

This is completely against every privacy consideration that this file is openly distributed.

Sig:
>12y experience in trading.
Donations accepted: 14TeeHy4igXUgfnjXmCFG5MwkcRKZRkprS

Please always do your own due diligence, and consult your financial advisor. Never invest unless you can afford to lose your entire investment.

http://twitter.com/BitcoinAnalyst

lols @ Sig irony
DeiBellum
newbie
Activity: 22
Merit: 0
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:34:21 PM
#53
So, WTF happened to websites being responsible and hashing emails as well?

Just my .02btc
Batouzo
member
Activity: 70
Merit: 10
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:30:07 PM
#52
Quote from: enmaku on June 19, 2011, 04:51:06 PM
Which is why we salt passwords before hashing them. It might take seconds to find "monkey" but it'll take ages to find "monkeyefweug#%_#Tsafwef24g" and the user doesn't have to remember that second part. Really if the database is compromised the salt is in there with the hash so it doesn't help much but it DOES at least make it so that two people using the same password won't both be compromised by simply compromising one of them. It also makes "rainbow tables" (giant tables of common passwords and what they hash to) ineffective.

It depends - if (if, I'm not sure how this is in case of mtgox) entire users database was leaked, then usually you also have the salts for each user right there in the database.

On the other hand, if they coded is smartly, they also used extra salt that is only in the source code and not in database  - that one should help indeed.
TheBitMan
sr. member
Activity: 280
Merit: 250
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:26:11 PM
#51
I'm a member but I couldn't find mine Huh
Chick
member
Activity: 70
Merit: 10
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:23:57 PM
#50
Quote from: bullox on June 19, 2011, 06:19:30 PM
so obviously its md5, and the salt is contained within db entry, but what method are they using to get the unicode characters back into hex strings that most password crackers utilize for reversing md5?

I don't think they're salting their passwords.

I'm using John The Ripper to crack these worthless "123456" md5-crypt passwords.
bullox
full member
Activity: 131
Merit: 100
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:19:30 PM
#49
so obviously its md5, and the salt is contained within db entry, but what method are they using to get the unicode characters back into hex strings that most password crackers utilize for reversing md5?
MeowMixer
newbie
Activity: 48
Merit: 0
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:12:11 PM
#48
Quote from: cypherdoc on June 19, 2011, 06:04:58 PM
is there a way to "search" this csv list for my username instead of scrolling 60K names?
ctrl+f
airdata
hero member
Activity: 1148
Merit: 501
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:10:01 PM
#47
Oh... nice.. so much for anonymity

how easy is that password hash to crack?
 
Chick
member
Activity: 70
Merit: 10
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:08:13 PM
#46
Quote from: cypherdoc on June 19, 2011, 06:04:58 PM
is there a way to "search" this csv list for my username instead of scrolling 60K names?

Ctrl + Find. I opened it up in Google Docs.
killer2021
member
Activity: 84
Merit: 10
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:07:04 PM
#45
I changed my password the other day when someone said the account was hacked.
cypherdoc
legendary
Activity: 1764
Merit: 1002
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:04:58 PM
#44
is there a way to "search" this csv list for my username instead of scrolling 60K names?
WiseOldOwl
full member
Activity: 238
Merit: 100
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 06:02:53 PM
#43
I am not able to get the file, has it been removed or am i just having problems on my end
Chick
member
Activity: 70
Merit: 10
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 05:54:07 PM
#42
Quote from: IlbiStarz on June 19, 2011, 05:52:00 PM
Maybe this file is actually a virus/keylogger that will steal your wallet.dat or find your new password once Mt.Gox comes up again? That's the only thing from preventing me from downloading this file.

Really tempted tho...

Or maybe im just stupid/paranoid.

Dude, its a fucking CSV file. Check the extension, open the URL up in Google Docs if you're too scared. Tongue
IlbiStarz
full member
Activity: 336
Merit: 100
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 05:52:00 PM
#41
Maybe this file is actually a virus/keylogger that will steal your wallet.dat or find your new password once Mt.Gox comes up again? That's the only thing from preventing me from downloading this file.

Really tempted tho...

Or maybe im just stupid/paranoid.
myrkul
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 05:49:44 PM
#40
Give mine a shot. User ID 11195

I consider the account compromised anyway, and it's empty, regardless... But I would like a difficulty test on my password. Which, to be clear, is unique to Mt. Gox.
Chick
member
Activity: 70
Merit: 10
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 05:39:41 PM
#39
These guys deserved their accounts to be hacked...


abcde:abcde
endeavormac:endeavormac
jallen:jallen
shecnu3:shecnu3
edocasper:edocasper
demodash:demodash
niky89:niky89
hehehe\':NO PASSWORD:$1$ZJVxD1Xi$8MuO2/IEK2ITAOiRVH8nD/::::::
bubbles:bubbles
kendomastr:kendomastr
BenCardwell1:bencardwell1
test23:test23
test2323:test2323
gibberish:gibberish
themandarax:themandarax
goodbrod:goodbrod
5FDERZ$:NO PASSWORD:$1$WV1exL20$LGjDyermelSynowyWSjaW0::::::
Pete Butter:butter
feefeefeefee:feefeefeefee
daniellobel:daniellobel
Phantom_Knight:phantom
25toro:25toro
sheef1:sheef1
yui9:NO PASSWORD:$1$tRf6y.pr$EWaJXMzwRfyXvq5zI3.y..::::::
Johnster:johnster
loppyer:loppyer
Amaresh:amaresh
[email protected]:meinseins
faceb:faceb
mueller:mueller
heatherington:Heatherington
stupid!:stupid!
mintslice:mintslice
sfhdusfhd:sfhdusfhd
Qba-da-Intrepid:intrepid
monkeys:monkeys
robot:robot
twatty:twatty
Mr.LKS:Mr.LKS
xxxxx:xxxxx
xxxxxxxxx:xxxxx
1qayxcvbnm:1qayxcvbnm
skerit
newbie
Activity: 20
Merit: 0
Re: DIRECT DOWNLOAD LINK FOR LEAKED MT. GOX ACCOUNT DATABASE (CSV FILE)
June 19, 2011, 05:38:49 PM
#38
I'm number 905. Don't remember when I signed up really, but I only got into bitcoin once you could get bitcoins from europe. Which was pretty late in the game.
Pages:
Bitcoin Forum>Bitcoin>Bitcoin Discussion
Jump to: