generalt account hacked | Bitcointalksearch.org

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: generalt on October 16, 2017, 10:00:55 PM

I got my account back!!! Thank you everybody for all your help in this matter.

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is generalt and today is October 16th. This message is to verify that I do have my account back. Thank you all!
-----BEGIN SIGNATURE-----
1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2
HMPcgKVShxs+F6Wokt43Z34xHOlZ/sdM1aMkL4LNYBOeVgmCED+fGSgvmKDR4E5HvuunZ2g71RjIee9xkZK0YOQ=
-----END BITCOIN SIGNED MESSAGE-----

I feel whole again! Cheesy

Quoted and verified.

Quote from: generalt on October 16, 2017, 10:16:24 PM

Also taking this opportunity to post a stake address 1GENERALrtBAjEv2Ps5cmEW1FADnXh1bCZ

Quoted.

Quote from: philipma1957 on October 16, 2017, 10:38:17 PM

1JdC6Xg3ajT3rge3FgPNSYYFpmf53Vbtje

this is my secondary account

judypug1956

Quoted. You should probably sign a message with it, but in this thread: https://bitcointalksearch.org/topic/stake-your-bitcoin-address-here-996318.

OP, you should lock this thread now.

philipma1957

legendary

Activity: 4256

Merit: 8551

'The right to privacy matters'

Quote from: generalt on October 16, 2017, 10:16:24 PM

Also taking this opportunity to post a stake address 1GENERALrtBAjEv2Ps5cmEW1FADnXh1bCZ

I will quote and I have done multiple sales with you . I also have met with you in person more then once.

I will lift the neg trust I posted

This is my really long term address

1JdC6Xg3ajT3rge3FgPNSYYFpmf53Vbtje

this is my secondary account

judypug1956

I truly fear getting hacked on this site.

I am glad it was fixed.

generalt

legendary

Activity: 1096

Merit: 1021

Also taking this opportunity to post a stake address 1GENERALrtBAjEv2Ps5cmEW1FADnXh1bCZ

real_generalt

newbie

Activity: 14

Merit: 0

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is generalt and today is October 16th. This message is to verify that I do have my account back. Thank you all!
-----BEGIN SIGNATURE-----
1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2
HMPcgKVShxs+F6Wokt43Z34xHOlZ/sdM1aMkL4LNYBOeVgmCED+fGSgvmKDR4E5HvuunZ2g71RjIee9xkZK0YOQ=
-----END BITCOIN SIGNED MESSAGE-----

generalt

legendary

Activity: 1096

Merit: 1021

I got my account back!!! Thank you everybody for all your help in this matter.

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is generalt and today is October 16th. This message is to verify that I do have my account back. Thank you all!
-----BEGIN SIGNATURE-----
1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2
HMPcgKVShxs+F6Wokt43Z34xHOlZ/sdM1aMkL4LNYBOeVgmCED+fGSgvmKDR4E5HvuunZ2g71RjIee9xkZK0YOQ=
-----END BITCOIN SIGNED MESSAGE-----

I feel whole again! Cheesy

Dorkie

member

Activity: 420

Merit: 13

Quote from: real_generalt on October 14, 2017, 07:17:28 PM

Perhaps a system that sends an email to the original email address with a link that gives the original owner a certain amount of time to click it to change the email back to the original. So if you did change it just ignore the email but if you didn't change it then you click the link and it reverts is back to the original email and forces a password change.

Yes, another good solution.
Simple solutions that work.
And yet the bitcointalk insiders are squeezing their brains, thinking superman hard, trying to come up with some super revolutionary method to solve the problem.
The insiders are working 3 to 4 years long trying to come up with the most novel way of account security in the hopes that they will win a Nobel prize.

real_generalt

newbie

Activity: 14

Merit: 0

Quote from: Dorkie on October 14, 2017, 02:15:04 PM

Quote from: pixie85 on October 14, 2017, 02:05:22 PM

This won't work because many people are using VPNs, so their IP is changing with every login. I know that some people don't, but it's only one of many things an admin should verify before blocking the account or giving it back to someone.
I'd rather have my account locked than watch a hacker make money off it, so Theymos or Cyrus should at the very least block the accounts that people are claiming to be stolen. That is of course if these accounts have recently undergo a password and email change.

Indeed, that is a good temporary fix.
I would suggest that the system not allow any change to the email address at all.
This will make sure no control of any account is possible.
I still can't see any vulnerability in making the email immutable.
In fact, I see it as a very good solution.

Perhaps a system that sends an email to the original email address with a link that gives the original owner a certain amount of time to click it to change the email back to the original. So if you did change it just ignore the email but if you didn't change it then you click the link and it reverts is back to the original email and forces a password change.

Dorkie

member

Activity: 420

Merit: 13

Quote from: pixie85 on October 14, 2017, 02:05:22 PM

This won't work because many people are using VPNs, so their IP is changing with every login. I know that some people don't, but it's only one of many things an admin should verify before blocking the account or giving it back to someone.
I'd rather have my account locked than watch a hacker make money off it, so Theymos or Cyrus should at the very least block the accounts that people are claiming to be stolen. That is of course if these accounts have recently undergo a password and email change.

Indeed, that is a good temporary fix.
I would suggest that the system not allow any change to the email address at all.
This will make sure no control of any account is possible.
I still can't see any vulnerability in making the email immutable.
In fact, I see it as a very good solution.

pixie85

hero member

Activity: 2170

Merit: 528

Quote from: Dorkie on October 14, 2017, 02:07:14 AM

I have no choice but to suspect the requirement to sign message with a bitcoin address is a way of tracking who is the owner of which bitcoin address, very much like what many exchanges are doing when they require submission of ID, driving license, etc for KYC/AML excuses/nonsense.

So if a user never posted his bitcoin address here (because he never sell anything here), that means he can NEVER recover his account?
How ridiculous.

I am a recent victim of an account hack.

Edit:
By right the system should be able to trace the change of IP addresses used before and after an account hack.

This won't work because many people are using VPNs, so their IP is changing with every login. I know that some people don't, but it's only one of many things an admin should verify before blocking the account or giving it back to someone.
I'd rather have my account locked than watch a hacker make money off it, so Theymos or Cyrus should at the very least block the accounts that people are claiming to be stolen. That is of course if these accounts have recently undergo a password and email change.

Dorkie

member

Activity: 420

Merit: 13

Have you guys ever thought that all the hacking was actually an inside job?

In other words, whatever verification you use (stacking bitcoin address, 2 factor authentication, etc) is actually useless.

real_generalt

newbie

Activity: 14

Merit: 0

Quote from: Dorkie on October 14, 2017, 02:07:14 AM

I have no choice but to suspect the requirement to sign message with a bitcoin address is a way of tracking who is the owner of which bitcoin address, very much like what many exchanges are doing when they require submission of ID, driving license, etc for KYC/AML excuses/nonsense.

So if a user never posted his bitcoin address here (because he never sell anything here), that means he can NEVER recover his account?
How ridiculous.

I am a recent victim of an account hack.

Edit:
By right the system should be able to trace the change of IP addresses used before and after an account hack.

I think the system can but the problem would be the resources (time being a resource) required to manually track all that information to try to confirm the identity of a person. Since there are so many scammers out there I can only imagine that they must get quite a few hacked account messages every day. I'm guessing that this is not their full time job so it is not like they can spend 8 hours a day dedicated to maintaining this forum. I believe at one point I saw a post about stake addresses and of course it wouldn't hurt to put a BTC address out there somewhere you can refer to just in case.

1GENERALrtBAjEv2Ps5cmEW1FADnXh1bCZ

coolcoinz

legendary

Activity: 2744

Merit: 1174

Quote from: Dorkie on October 14, 2017, 02:07:14 AM

I have no choice but to suspect the requirement to sign message with a bitcoin address is a way of tracking who is the owner of which bitcoin address, very much like what many exchanges are doing when they require submission of ID, driving license, etc for KYC/AML excuses/nonsense.

So if a user never posted his bitcoin address here (because he never sell anything here), that means he can NEVER recover his account?
How ridiculous.

I am a recent victim of an account hack.

Edit:
By right the system should be able to trace the change of IP addresses used before and after an account hack.

At least make the hacker's attempt not worth it. Follow your hacked account and if it joins any campaign or giveaway make sure people know it's hacked and not allow him in.
I think there should be a thread with a list of all the hacked accounts that would work like SMAS, so that people can check accounts before sending them any money.

Dorkie

member

Activity: 420

Merit: 13

I have no choice but to suspect the requirement to sign message with a bitcoin address is a way of tracking who is the owner of which bitcoin address, very much like what many exchanges are doing when they require submission of ID, driving license, etc for KYC/AML excuses/nonsense.

So if a user never posted his bitcoin address here (because he never sell anything here), that means he can NEVER recover his account?
How ridiculous.

I am a recent victim of an account hack.

Edit:
By right the system should be able to trace the change of IP addresses used before and after an account hack.

real_generalt

newbie

Activity: 14

Merit: 0

Quote from: Aventhe on October 13, 2017, 09:28:26 PM

Quote from: KWH on October 13, 2017, 08:08:59 PM

Quote from: real_generalt on October 13, 2017, 07:55:38 PM

Thank you again. Unfortunately not a single peep from the pm to theymos with signed messages about getting my account back. I guess he's got bigger fish to fry.

Account recovery seems to be low priority, waiting is all you can do.

Theymos could implement f2a and make account sales illegal and that would hugely cut down on the spam, scam and whatnot on this forum. I can't believe why this is not a priority. If not this, what else?

Yes two factor authentication would be great. The mere fact that you can sell accounts show that they have value worth protecting with two factor. I think more and more people are getting used to two factor authentication in light of all the breaches.

Aventhe

full member

Activity: 322

Merit: 134

Quote from: KWH on October 13, 2017, 08:08:59 PM

Quote from: real_generalt on October 13, 2017, 07:55:38 PM

Thank you again. Unfortunately not a single peep from the pm to theymos with signed messages about getting my account back. I guess he's got bigger fish to fry.

Account recovery seems to be low priority, waiting is all you can do.

Theymos could implement f2a and make account sales illegal and that would hugely cut down on the spam, scam and whatnot on this forum. I can't believe why this is not a priority. If not this, what else?

KWH

legendary

Activity: 1904

Merit: 1045

In Collateral I Trust.

Quote from: real_generalt on October 13, 2017, 07:55:38 PM

Thank you again. Unfortunately not a single peep from the pm to theymos with signed messages about getting my account back. I guess he's got bigger fish to fry.

Account recovery seems to be low priority, waiting is all you can do.

real_generalt

newbie

Activity: 14

Merit: 0

Thank you again. Unfortunately not a single peep from the pm to theymos with signed messages about getting my account back. I guess he's got bigger fish to fry.

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: real_generalt on October 13, 2017, 05:27:35 PM

Quote from: KWH on October 13, 2017, 04:34:59 PM

I would add today's date ASAP.

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is to let all know that my account generalt on bitcointalk was hacked and somebody else now has control of the account as of today October 13th 2017. Thank you to all those that helped up to this point.
-----BEGIN SIGNATURE-----
1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2
G+CETp5wwtTtckHxiLILi31R+U9uc26sEKJa4K+8PjUxUzPtTNtMjvr9MB80n0o62cxzeAo8iCuKTbnhi3PGbJE=
-----END BITCOIN SIGNED MESSAGE-----

Quoted and verified.

real_generalt

newbie

Activity: 14

Merit: 0

Quote from: KWH on October 13, 2017, 04:34:59 PM

I would add today's date ASAP.

-----BEGIN BITCOIN SIGNED MESSAGE-----
This is to let all know that my account generalt on bitcointalk was hacked and somebody else now has control of the account as of today October 13th 2017. Thank you to all those that helped up to this point.
-----BEGIN SIGNATURE-----
1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2
G+CETp5wwtTtckHxiLILi31R+U9uc26sEKJa4K+8PjUxUzPtTNtMjvr9MB80n0o62cxzeAo8iCuKTbnhi3PGbJE=
-----END BITCOIN SIGNED MESSAGE-----

Aventhe

full member

Activity: 322

Merit: 134

Quote from: real_generalt on October 13, 2017, 04:17:20 PM

Quote from: KWH on October 13, 2017, 02:30:41 PM

Can you sign a message with: 1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2

https://bitcointalksearch.org/topic/m.15472773

-----BEGIN BITCOIN SIGNED MESSAGE-----
Thank you KWH for finding a message with my address!
-----BEGIN SIGNATURE-----
1GENERAL7QdpxHezWzoToWGXpDX4XuLcR2
HGkqofsJnxDFpDZReOYxxp7ZDwBYK0zD8uLak0+3NTJmK1Cx4W/Q5Wqm5gDyCcGN1mNB4EuR4q8O7Bt2gsRfuOA=
-----END BITCOIN SIGNED MESSAGE-----

This message checks out, Coinig link. Though, yes, you should really add the date to that address and sign the message again.

@KWH, I am pretty sure the signed message was generated today for this case at hand. "Thank you KWH for finding a message with my address!" is a pretty direct message for this instance.

Topic: generalt account hacked (Read 718 times)