Author

Topic: FYI: "ownership change queued" (Read 997 times)

legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
August 03, 2024, 08:41:19 PM
#23
Today, by checking my trust page, i found the notice that my email was recently changed to <...>@bounces.invalid

Your account is definitely not hacked:

This is something we recently started doing. If email sent to your email address bounces with an error message like, "This email address doesn't exist", then your email may eventually be changed to [email protected]. (It's not possible for users to change their email address to something ending in .invalid, so this can only be an administrative change.) Because your old email didn't exist, somebody could've registered your non-existent email address and used that to steal your account.

I didn't particularly intend for the trust warning to appear for these automatic changes, but it's a niche situation and a bit difficult to fix, so I probably won't fix this unless several other people complain. It only lasts 30 days, after all.



- My yahoo inbox was completely empty when i checked it today after almost 6 years since the creation date. This maybe due to some default settings because i checked another old yahoo email and all inbox folders are also empty.

My guess is that your Yahoo mail account was deactivated due to inactivity?

source: https://help.yahoo.com/kb/SLN29338.html
Quote
Inactive mailboxes in Yahoo Mail

After 12 months or more of not using your mailbox, it is considered inactive. It will stop receiving new emails, and all mailbox contents, folders, contacts and settings are permanently deleted.
legendary
Activity: 1778
Merit: 1474
🔃EN>>AR Translator🔃
August 03, 2024, 08:13:37 PM
#22
When i decided to create my BTT account, i created a new fresh email using yahoo mail. Since then, i didn't check that mail for years. The email is fully protected by phone number and recovery email.


Today, by checking my trust page, i found the notice that my email was recently changed to [email protected]

First thought that my BTT account was hacked and someone got access to change the email. I checked my inbox but found that i didn't receive any notice from administration about this change. And by checking the validity of this new email [email protected] , I found that it's an invalid email using email-checker.net

And by checking Seclog page, i found nothing about email reset for my account.

Can someone explain how this email reset change occured?

Note that:
- My BTT account password didn't change and that i have just activated 2fa authentication protection. Also i reset the account to my yahoo mail again.
- I can always prove my BTT account ownership using any of my old staked addresses.
- My yahoo inbox was completely empty when i checked it today after almost 6 years since the creation date. This maybe due to some default settings because i checked another old yahoo email and all inbox folders are also empty.
legendary
Activity: 3654
Merit: 8909
https://bpip.org
December 15, 2018, 12:48:45 PM
#21
What's with the color differences of the accounts shown in the Security log page? May I/we have some clarity on that?

I added color-coding to the usernames in this log. That'll make it easier to pick out more valuable accounts from the list. The colors are the same as the colors on Who's Online:
- Admins = red
- Global mods = dark blue
- Donators = green
- VIPs = violet
- Staff = pink
- Regular users are various shades of grey, getting darker with seniority.
- Legendary = lightish blue

Also, I made the "reset recently" text darker and larger.
sr. member
Activity: 1260
Merit: 358
December 15, 2018, 12:21:58 PM
#20
What's with the color differences of the accounts shown in the Security log page? May I/we have some clarity on that?
legendary
Activity: 2758
Merit: 6830
December 15, 2018, 09:47:53 AM
#19
Is it the new year resolution for 2019? Because hacked accounts are usually never recovered

But they will be. Take a look at his second reply to this thread.
This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again. But there is no immediate impact of this component to most people; I just needed to document it because the seclog entries are starting to appear.
jr. member
Activity: 55
Merit: 1
December 15, 2018, 09:45:05 AM
#18
i didn't know that there is such a thing.  how is this done? who manages the accounts then?
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
December 15, 2018, 03:34:18 AM
#17
Is it I understand correctly?

When someone want to change his email on BTT account,then he can't use his/her account for those 7 days because "The account stays locked throughout all of this.

No, the queue only applies when the administration changes the email address, not when you change it yourself. It's for recovering hacked accounts and similar. Most people don't need to care about it.

Is it the new year resolution for 2019? Because hacked accounts are usually never recovered
vip
Activity: 490
Merit: 271
December 15, 2018, 12:49:31 AM
#16
Thus is the general community going to be involved in the recovery process?
And is it by checking if the post pattern or whatever he or she can lay hands on varies from the Initial owner(poster)or something like that
You could get a answer in the OP.

everyone who knows about the incorrect change should noisily post all of the evidence they have so that we can at least put the change on hold and re-review the evidence.
member
Activity: 112
Merit: 20
December 15, 2018, 12:31:54 AM
#15
Ownership change queue will help in a more effective way to get the cases of Hacked/Locked/Compressed  accounts......
I understand your explanation a bit more and even better,so the general idea if I'm not wrong is to provide a comprehensive lists of the accounts that have been hacked and that which theymos,cryrus and the mods are working or in the process of recovering it to the real owner.
Also if any user finds his related or known account in the Ownership change queue displayed in the seclog.php, he could check if its done by the real owner
Thus is the general community going to be involved in the recovery process?
And is it by checking if the post pattern or whatever he or she can lay hands on varies from the Initial owner(poster)or something like that
vip
Activity: 490
Merit: 271
December 15, 2018, 12:06:04 AM
#14
Ownership change queue will help in a more effective way to get the cases of Hacked/Locked/Compressed  accounts to be studied as it will give us a list of usernames to the accounts which are in the process of recovery.

Also if any user finds his related or known account in the Ownership change queue displayed in the seclog.php, he could check if its done by the real owner. This will increases the scope of finding a scammer and each case can be studied in depth.

I am happy that some of the updates will be upcoming until the end of the year and most of the account in a queue to be recovered from months (some from years ) would get a decision from the administration.

Thanks for a update @theymos.

newbie
Activity: 36
Merit: 0
December 14, 2018, 05:31:47 PM
#13
Finally some good news Smiley

It wasn't expected that the system will be fully set before the end of this year as mentioned by Theymos three months ago after responsing suggestions from @hilarious :
maybe theymos and cyrus should just take a day or two out of every month to investigate and restore them.

It would take at least a couple hours every day to deal with them. Each case typically requires a lot of follow-up. And it's really annoying work. I used to do them sort-of regularly, but at some point I just couldn't stand it anymore, in addition to not really having time. Cyrus is still doing some, though not enough to keep up.

There's no need for any fee, and a fee probably wouldn't be appropriate unless absolutely necessary. Money is not a problem. If I could throw $100k at the problem and make it go away, I would do so. But in the real world, there is no magic wishing well where you can throw money and make things happen. You give people money and they don't do what you want, or the people you hire turn out not to be trustworthy, or you fill out the tax forms wrong and then later have to spend more time&money dealing with that than you would've by just doing the thing with current sub-optimal resources, etc.

I acknowledge that the current situation is very bad, and we have some plans for fixing it. I hope to have manual account reviews going smoothly again before the end of the year at the latest.

I am still waiting to read from Mods if they got information about this queue.
We still don't know how the recoveries will be rolled out but seems that Mods will have the ability to change emails. We just have to wait for few other days until full set.


newbie
Activity: 16
Merit: 0
December 14, 2018, 03:41:44 PM
#12
Is it I understand correctly?

When someone want to change his email on BTT account,then he can't use his/her account for those 7 days because "The account stays locked throughout all of this.

No, the queue only applies when the administration changes the email address, not when you change it yourself. It's for recovering hacked accounts and similar. Most people don't need to care about it.

Nice to know that you still recover hacked accounts. My account CoinLearn was hacked more than a year ago. I sent you & Cyrus the first signed message in PM on September 03, 2017. Next, I re-sent the same to you on October 17, 2018. Here is my public thread - https://bitcointalksearch.org/topic/urgent-business-account-with-green-trust-has-been-stolen-2156605. Current owner even accepted that he bought it...

I don't remember that username of seller account. If you read through the links provided, and some of my posts above, you'll see what seller sent me account pass without escrow. And as i got it, i paid him directly.

Is there any hope left to get my account back?
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
December 14, 2018, 10:21:15 AM
#11
will it unlock in 7 days?

No.

This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again. But there is no immediate impact of this component to most people; I just needed to document it because the seclog entries are starting to appear.

If you are given an email address on the page which tells you that your account is locked, then it may have recently changed. If so, sending an email to the new address may expedite things.

Is it still just going to be via public key signing?
If not, I’d there a way to opt for it to be for each account to make accounts much more secure, unless a large amount of develop,went is put into the new system as you mention social engineering, we might become a victim to that otherwise inless other factors are taken into account such as Mac addresses/iPs.
copper member
Activity: 630
Merit: 420
We are Bitcoin!
December 14, 2018, 09:56:13 AM
#10
Does this mean that more password reset / account unlock requests will be processed by the admins?
Good question. Hope theymos have this in mind.
copper member
Activity: 2996
Merit: 2374
December 14, 2018, 09:38:37 AM
#9
Does this mean that more password reset / account unlock requests will be processed by the admins?
member
Activity: 168
Merit: 15
Future of Security Tokens
December 14, 2018, 03:30:18 AM
#8
This is a welcome development and would significantly lighten the long line of hacked and locked accounts waiting to have their issue addressed.

And allowing the community weigh in on decisions would also help reduce wrongful claiming of accounts.
Although it would do little for those who sold their accounts and attempted to reclaim it.
This I believe might not be an issue the admins would be much interested in
copper member
Activity: 18
Merit: 1
December 14, 2018, 12:59:08 AM
#7
No.

This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again. But there is no immediate impact of this component to most people; I just needed to document it because the seclog entries are starting to appear.

If you are given an email address on the page which tells you that your account is locked, then it may have recently changed. If so, sending an email to the new address may expedite things.

Thanks, I just sent an email to [email protected]
administrator
Activity: 5222
Merit: 13032
December 14, 2018, 12:25:06 AM
#6
will it unlock in 7 days?

No.

This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again. But there is no immediate impact of this component to most people; I just needed to document it because the seclog entries are starting to appear.

If you are given an email address on the page which tells you that your account is locked, then it may have recently changed. If so, sending an email to the new address may expedite things.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
December 14, 2018, 12:21:57 AM
#5
No, the queue only applies when the administration changes the email address, not when you change it yourself. It's for recovering hacked accounts and similar. Most people don't need to care about it.
Thank you for clearing it. Smiley Smiley
I didn't understand anything. My account is locked because of email changing. will it unlock in 7 days?

please help me clear this issue.

I think this system will be implemented from today so you may need to follow the old procedure since you locked your account for a while now.
copper member
Activity: 18
Merit: 1
December 14, 2018, 12:18:19 AM
#4
I didn't understand anything. My account is locked because of email changing. will it unlock in 7 days?

please help me clear this issue.
administrator
Activity: 5222
Merit: 13032
December 14, 2018, 12:12:46 AM
#3
Is it I understand correctly?

When someone want to change his email on BTT account,then he can't use his/her account for those 7 days because "The account stays locked throughout all of this.

No, the queue only applies when the administration changes the email address, not when you change it yourself. It's for recovering hacked accounts and similar. Most people don't need to care about it.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
December 14, 2018, 12:10:02 AM
#2
Is it I understand correctly?

When someone want to change his email on BTT account,then he can't use his/her account for those 7 days because "The account stays locked throughout all of this.
administrator
Activity: 5222
Merit: 13032
December 13, 2018, 11:41:28 PM
#1
As an extra protection against any possible social engineering attacks, whenever* the administration changes an account's email address from its current value, the following process occurs:
 - The change is queued.
 - It is listed in seclog.php.
 - The old email receives a warning.
 - After 7 days, the change goes through and another seclog.php entry is added.

The account stays locked throughout all of this.

Hopefully it will be essentially unheard of, but if an account is going to be incorrectly transferred, everyone who knows about the incorrect change should noisily post all of the evidence they have so that we can at least put the change on hold and re-review the evidence.

* Admins can act outside of procedure and bypass the queue if necessary, but hardly ever will.
Jump to: