Pages:
Author

Topic: How did you lost your bitcointalk account? (Read 473 times)

legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
As the bull run a is fact now, the hacking attempts will begin to be more and more popular again. That's why this thread should be somehow a lesson for those who don't care much for their security.

Here is something not related to bitcontalk as well but can keep you safe, I got this email today.. don't fall for this >

Quote
-----Opprinnelig melding-----
Fra: [email protected] <[email protected]>
Sendt: 14. mai 2019 17:05
Til: myrealname<[email protected]>
Emne: Your account was under attack! Change your access data!

Hello!

I have very bad news for you.
21/10/2018 - on this day I hacked your OS and got full access to your account [email protected]

So, you can change the password, yes... But my malware intercepts it every time.

How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I'm talk you about sites for adults.

I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!

And I got an idea....
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!

I'm know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $788 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!

Pay ONLY in Bitcoins!
My BTC wallet: 1E9qZgNC9KRnJfwZChcBtXN8D4g17T51p7

You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy

For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".

I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
- Do not try to contact me (this is not feasible, I sent you an email from your account)
- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
 This is the word of honor hacker

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

Do not hold evil! I just do my job.
Have a nice day!


Checking the address someone got fooled already.. Sad
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
OK, updated accordingly Wink
I'm not a coder or a back-end type of guy but the link that I provided, has other things apart from "Packet Sniffing" and I believe those still apply.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
Apart from your list and what other users posted, there's also "Public Wifi Networks/Connections".
- Here's a useful link: 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity
How can they sniff your packets if the site uses an encrypted connection?
There are highly advanced packet sniffers which sit on the remote servers and are capable of doing so without logging the traffic. Anyway, packet sniffing wouldn't work here as the only sensitive data involving accounts is the password which is encrypted and stored in the database as a hash. Such data even if accessed by the packet sniffers won't  be in human readable format.

OK, updated accordingly Wink

edited:
OK, updated accordingly Wink
I'm not a coder or a back-end type of guy but the link that I provided, has other things apart from "Packet Sniffing" and I believe those still apply.
Agree with that, now it should be fine.
legendary
Activity: 1988
Merit: 1317
Get your game girl
Apart from your list and what other users posted, there's also "Public Wifi Networks/Connections".
- Here's a useful link: 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity
How can they sniff your packets if the site uses an encrypted connection?
There are highly advanced packet sniffers which sit on the remote servers and are capable of doing so without logging the traffic. Anyway, packet sniffing wouldn't work here as the only sensitive data involving accounts is the password which is encrypted and stored in the database as a hash. Such data even if accessed by the packet sniffers won't  be in human readable format.
newbie
Activity: 10
Merit: 0

if by, "weird," you really mean, "totally inapplicable," then sure... Your originally account appears to have been temp-banned after being inactive for 1 year, and back when you were active you were a shitposter by all accounts, so, not really seeing the relevance to the current discussion.


Judging by your posts on the last 3 pages, you are the same "shitposter" as me, about the same level, I'm serious - without sarcasm.
In addition, my question is quite simple, is my account in permaban or not?
full member
Activity: 420
Merit: 184

if by, "weird," you really mean, "totally inapplicable," then sure... Your originally account appears to have been temp-banned after being inactive for 1 year, and back when you were active you were a shitposter by all accounts, so, not really seeing the relevance to the current discussion.

legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
Thanks Sir it vary Informative
Cockamamie (ridiculous or nonsensical)...
full member
Activity: 420
Merit: 184
I'm curious as to how so many people lost access to their account as well. This forum is unlike most others (really all others I've ever used) in that there is the potential for earning money simply by posting here, and the amount of money you can earn goes up with your seniority/rank. Hence there are powerful incentives to hack higher ranked accounts, and so one should treat this forum like an online bank or crypto exchange w/r/t passwords and security in general.

I imagine the most likely culprit are those shady mirror (phishing?) sites like bitcointalk . to and bitcointallk . org (modified so as to not trigger the phishing detector). I've clicked on links to both sites while searching for plagiarism and though I didn't go so far as to actually log in, I can easily imagine someone doing just that.

EDIT - fixed names of phishing sites; obviously, don't go to them and for the love of dog don't log in, either!

legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
I figure that most people won’t know the direct cause for the hacking that took place on their account. They can try nevertheless to second-guess the reason by reviewing their habits. Since recovering a hacked account seems to be such a lengthy process (time wise), it does seem a good idea to try to extract common factors and list them in order to try to mitigate this from happening.

The recovery process does seems way too slow. We know it is not a forum priority to speed up the recovery process at this time, and one should take time to assess his security standards in general, but people do trip, and it would be good to aid them soonish even if they tripped due to their own clumsiness.
copper member
Activity: 630
Merit: 420
We are Bitcoin!
~
As clear as crystal  Cheesy

~
That's why you do not want to use same password in everywhere.
legendary
Activity: 2688
Merit: 3983
I do not know if there is a direct link, but I think that the Bounties (Altcoins) campaigns are one of the reasons for hacking accounts.
A while ago, one of the managers of those campaigns asked me to design a signature and send it to him via e-mail. Now I receive more than ten messages of spam every day.
These campaigns require setting up accounts "creat account which may be near/same to your email/password info," adding your email and other information that will benefit in guessing your password.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
How about spyware like keylogger...
@iasenko: I wonder how you did you miss this even after the mention? It's a valid reason.  Smiley

All those like Trojan horse, keyloggers, etc, go to the 3rd party affected software... updated.

My initial intention was not to make a guide or list here. I just wonder how, all those people here complaining and waiting for account recovery, lost their accounts.
If you keep your security at dissent level and use the "Free Common Sense Internet Security 2018" it should be good enough.
copper member
Activity: 630
Merit: 420
We are Bitcoin!
How about spyware like keylogger...
@iasenko: I wonder how you did you miss this even after the mention? It's a valid reason.  Smiley

===> Keylogger (Keystroke logging) can be an easy way for the hackers to take away your credentials from your device. Always use antivirus if you are not tech savvy.

===> Having easy recognizable password like 12345678 or 123abc etc. A strong password should contain: capital letters, small letters, digits and special symbols like #'"! etc.
i.e: @*b3HLwCA'@pzQPp

PS: I never lost my BitcoinTalk account yet. Above are from experience only.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Apart from your list and what other users posted, there's also "Public Wifi Networks/Connections".
- Here's a useful link: 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity
How can they sniff your packets if the site uses an encrypted connection? Even with a fake DNS, you should at least get a warning from your browser.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
Updated,
Thank you guys. It's good to learn from each other's mistakes .
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
- 2015 hack. I'll add link later
About the recent server compromise

Am I missing something here??
Apart from your list and what other users posted, there's also "Public Wifi Networks/Connections".
- Here's a useful link: 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
I've lost this my account but Cyrus restored it. I would say it was my fault. I used good password, didn't visited phishing websites, but problem was on another place. I used weak password and no 2FA on my email. I've used that email and password to login to various shitty and unclear websites, probably one of these websites just sold their user login database. My email was hacked, then hacker changed my Bitcointalk account password and email. I've noticed it only after few minutes and I locked my account imnediately. Hacker wasn't able to make damage to my account. He also tried to hack my accounts on few exchanges, luckily he wasn't able to do that.
legendary
Activity: 1988
Merit: 1317
Get your game girl
You forgot to mention the most important and the quickest way of losing your account : - * Secret Question. It's common to forget passwords if you're an internet junkie and we often use email as the standard way of resetting them. However, if someone tries to set their passwords through forum's secret question feature, they're locked out of their accounts. Not sure if already done but theymos should really  disable that broken functionality.
sr. member
Activity: 840
Merit: 266
I always wanted to ask this question but I never did, I know most of ways why people lose there ETH address and exchanges accounts to and I know Bitcointalk accounts will be common with them in phishing sites but there might more ways, any new information will be posted here might be the reason for someone to not lose his account  .
Pages:
Jump to: