Pages:
Author

Topic: Forum database compromised? (Read 3131 times)

legendary
Activity: 1456
Merit: 1000
October 22, 2016, 10:49:16 AM
#36
Nah, I run my own email servers - definitely not found by guessing - I'd see the other attempts.
However, it is the same email I've had here for 5 years, but the first time I've had spam sent to it.
If you have had the email on your bitcointalk profile (even hidden counts), than it was probably in the forum data breach from 2015. I don't think it was very easily obtainable/required a payment to get it until recently, since I've noticed that sites like leakedsource have added the database. I suggest searching your email up in https://www.leakedsource.com/ and see if it is from that leak.

I think this is likely the source if he had it so long.  As I don't know if we really know what they did with the DB at this point.  I remember them logging into inactive accounts like Mt. Gox and such trolling.

At the time I was curious how much info they got and mentioned something about them being a scypt kiddie or something in META and asked to impress me and give my IP.  They were able to do it at the time....  So I don't know what all data got out but know my IP at the time was part of it.  I hope no new hacks like that one have happened.
sr. member
Activity: 374
Merit: 250
October 21, 2016, 09:58:57 PM
#35
can confirm that my unique email-address which I have on this site is getting spam too. So something has been leaked from this site.

I found it odd that you were getting these spams, since you're showing 1 activity point. Then I checked your profile and it shows that it was created in 2013. So you created a profile over 3 years ago and this is your 1st post?  Shocked
Its also odd that he did not make any posts in all these years but came back to post about the Forum database being compromised.

I know this was 10 days ago, but it really is weird. I wonder what's the story behind it.
legendary
Activity: 952
Merit: 1002
October 11, 2016, 11:35:02 PM
#34
can confirm that my unique email-address which I have on this site is getting spam too. So something has been leaked from this site.

I found it odd that you were getting these spams, since you're showing 1 activity point. Then I checked your profile and it shows that it was created in 2013. So you created a profile over 3 years ago and this is your 1st post?  Shocked
Its also odd that he did not make any posts in all these years but came back to post about the Forum database being compromised.
sr. member
Activity: 374
Merit: 250
October 11, 2016, 07:49:23 PM
#33
can confirm that my unique email-address which I have on this site is getting spam too. So something has been leaked from this site.

I found it odd that you were getting these spams, since you're showing 1 activity point. Then I checked your profile and it shows that it was created in 2013. So you created a profile over 3 years ago and this is your 1st post?  Shocked
newbie
Activity: 28
Merit: 0
October 11, 2016, 07:28:01 AM
#32
Hi there,

i also get Spam since last week, my adress too was only known to this board.
interesting is that i got spam on that adress last week for the first time.

i would recommend to send another roundmail since the phished adresses now are beeing spammed.

Greetings
newbie
Activity: 1
Merit: 0
October 11, 2016, 05:37:15 AM
#31
can confirm that my unique email-address which I have on this site is getting spam too. So something has been leaked from this site.
sr. member
Activity: 374
Merit: 250
October 11, 2016, 03:26:19 AM
#30
Where the emails encrypted?
I don't believe so. In the email concerning the hack theymos said that our Email addresses were "likely leaked". I assume that this means they were stored in plain text.

I'm so embarrassed that I wrote "where."

So basically someone paid 1 BTC to spam us. That's so freaking lame. Someone made a 1 BTC profit at the expense of us.
legendary
Activity: 2352
Merit: 1267
In Memory of Zepher
October 11, 2016, 03:10:56 AM
#29
Where the emails encrypted?
I don't believe so. In the email concerning the hack theymos said that our Email addresses were "likely leaked". I assume that this means they were stored in plain text.
sr. member
Activity: 374
Merit: 250
October 11, 2016, 01:39:51 AM
#28
That's exactly where I'm getting my spam email, "Bitcoin Market." It really sucked seeing that my email was now getting spam. So I'm guessing it was from that compromise. Were the emails encrypted?
legendary
Activity: 854
Merit: 1000
October 10, 2016, 04:46:39 PM
#27
To my knowledge, the recent DDOS attacks were just annoying. I haven't heard anything from Theymos about a security breach or potential security breach. If one had happened, or even if there was the slightest suspicion that someone could have gained access to any forum private information, Theymos would have warned everyone and asked that they changed their account details.
Totally agree with you.If there eas any kind of data stealing,Theymos would be the first person to know about that and he would have warned us.Moreover if hackers had info about our accounts,they would have sold most of high rank accounts
legendary
Activity: 2352
Merit: 1267
In Memory of Zepher
October 10, 2016, 04:20:27 AM
#26
i did not receive any spam in the mail i registered here,when was the forum compromised ,do we all need to change the password now.
Unless you have another account, you signed up over a year after the database was leaked. Therefore, your email won't have been in the leak.
In regards to changing your password, you should change your password regularly anyway. If you haven't changed it in a while, you can do it now.
sr. member
Activity: 246
Merit: 250
October 10, 2016, 03:02:04 AM
#25
i did not receive any spam in the mail i registered here,when was the forum compromised ,do we all need to change the password now.
newbie
Activity: 27
Merit: 0
October 09, 2016, 08:50:07 PM
#24

Sans looking, for I'm ready to hit the hay, I think I have a copy of that dump.

Yes nothing says scammer and liar like keeping a copy of a dumped hacked database. Oh wait yes something else does say scamming liar like that, and it is, https://bitcointalksearch.org/topic/gleb-gamow-bruno-kucinskas-is-a-scammer-a-thief-a-liar-and-an-extortionist-1012713 The true Gleb for all to see.
vip
Activity: 1428
Merit: 1145
October 07, 2016, 02:37:27 AM
#23
Nah, I run my own email servers - definitely not found by guessing - I'd see the other attempts.
However, it is the same email I've had here for 5 years, but the first time I've had spam sent to it.
If you have had the email on your bitcointalk profile (even hidden counts), than it was probably in the forum data breach from 2015. I don't think it was very easily obtainable/required a payment to get it until recently, since I've noticed that sites like leakedsource have added the database. I suggest searching your email up in https://www.leakedsource.com/ and see if it is from that leak.

Sans looking, for I'm ready to hit the hay, I think I have a copy of that dump.
hero member
Activity: 896
Merit: 1006
October 07, 2016, 12:29:47 AM
#22
Well thank god for that. The email that I use for this forum is my main email and I would really hate if that started to get a load of spam messages from advertising companies.

The passwords went trough a strong hashing algorithm, the emails are probably stored in plain text... I've never seen anybody encrypt emails for things like a forum.... So, expect some spam in your main mailbox Sad
hero member
Activity: 532
Merit: 501
October 06, 2016, 11:46:33 PM
#21
IIRC, Theymos is using doublesha256 to store the password in the database so if your password is pretty decent it would be a long time before its compromised.

That would be *very* weak as a password hashing algorithm, and I doubt this is true. Simple Machines Forum seems to use salted sha1 as the default.

Edit: On LeakedSource, it says very old passwords were hashed with md5 and newer ones were hashed with sha256crypt (which is salted and slow).

I remember Theymos saying somewhere that he heavily invested (40 bitcoin) in setting up extremely strong password hashing.

Passwords defenitely not stored in plaintext, then Smiley
Well thank god for that. The email that I use for this forum is my main email and I would really hate if that started to get a load of spam messages from advertising companies.
member
Activity: 105
Merit: 59
October 06, 2016, 09:08:00 AM
#20
Overnight, I got the same email to both my butterfly labs email address and bitcointalk address.
legendary
Activity: 1232
Merit: 1030
give me your cryptos
October 05, 2016, 11:11:42 PM
#19
IIRC, Theymos is using doublesha256 to store the password in the database so if your password is pretty decent it would be a long time before its compromised.

That would be *very* weak as a password hashing algorithm, and I doubt this is true. Simple Machines Forum seems to use salted sha1 as the default.

Edit: On LeakedSource, it says very old passwords were hashed with md5 and newer ones were hashed with sha256crypt (which is salted and slow).

I remember Theymos saying somewhere that he heavily invested (40 bitcoin) in setting up extremely strong password hashing.

Passwords defenitely not stored in plaintext, then Smiley
legendary
Activity: 2590
Merit: 2156
Welcome to the SaltySpitoon, how Tough are ya?
October 05, 2016, 10:39:48 AM
#18
This is all in relation to the 2015 database leak, there hasn't been any compromise lately:
Quote from: theymos
Passwords are hashed with 7500 rounds of sha256crypt and a unique salt per password (roughly equivalent to bcrypt with work=12.8). This is very strong. But nothing's going to stop extremely weak passwords from being broken.

Theymos has mentioned the possibility that other Bitcoin related sites and services may have had their databases leaked as well, and those with the same emails and passwords as here would have been compromised. As he said above, the passwords are encrypted pretty well. 
legendary
Activity: 952
Merit: 1002
October 05, 2016, 10:22:09 AM
#17
IIRC, Theymos is using doublesha256 to store the password in the database so if your password is pretty decent it would be a long time before its compromised.

That would be *very* weak as a password hashing algorithm, and I doubt this is true. Simple Machines Forum seems to use salted sha1 as the default.

Edit: On LeakedSource, it says very old passwords were hashed with md5 and newer ones were hashed with sha256crypt (which is salted and slow).
IIRC, Theymos reset the passwords of very old accounts and the only way to get back access is via email.

Its highly probable that Theymos reset the passwords of accounts without salt too or accounts using the old hashing algorithm.
Pages:
Jump to: