Author

Topic: How did you lost your bitcointalk account? (Read 474 times)

legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
As the bull run a is fact now, the hacking attempts will begin to be more and more popular again. That's why this thread should be somehow a lesson for those who don't care much for their security.

Here is something not related to bitcontalk as well but can keep you safe, I got this email today.. don't fall for this >

Quote
-----Opprinnelig melding-----
Fra: [email protected] <[email protected]>
Sendt: 14. mai 2019 17:05
Til: myrealname<[email protected]>
Emne: Your account was under attack! Change your access data!

Hello!

I have very bad news for you.
21/10/2018 - on this day I hacked your OS and got full access to your account [email protected]

So, you can change the password, yes... But my malware intercepts it every time.

How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I'm talk you about sites for adults.

I want to say - you are a BIG pervert. Your fantasy is shifted far away from the normal course!

And I got an idea....
I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
Turned out amazing! You are so spectacular!

I'm know that you would not like to show these screenshots to your friends, relatives or colleagues.
I think $788 is a very, very small amount for my silence.
Besides, I have been spying on you for so long, having spent a lot of time!

Pay ONLY in Bitcoins!
My BTC wallet: 1E9qZgNC9KRnJfwZChcBtXN8D4g17T51p7

You do not know how to use bitcoins?
Enter a query in any search engine: "how to replenish btc wallet".
It's extremely easy

For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.
If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your "enjoys".

I hope you understand your situation.
- Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
- Do not try to contact me (this is not feasible, I sent you an email from your account)
- Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
 This is the word of honor hacker

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

Do not hold evil! I just do my job.
Have a nice day!


Checking the address someone got fooled already.. Sad
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
OK, updated accordingly Wink
I'm not a coder or a back-end type of guy but the link that I provided, has other things apart from "Packet Sniffing" and I believe those still apply.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
Apart from your list and what other users posted, there's also "Public Wifi Networks/Connections".
- Here's a useful link: 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity
How can they sniff your packets if the site uses an encrypted connection?
There are highly advanced packet sniffers which sit on the remote servers and are capable of doing so without logging the traffic. Anyway, packet sniffing wouldn't work here as the only sensitive data involving accounts is the password which is encrypted and stored in the database as a hash. Such data even if accessed by the packet sniffers won't  be in human readable format.

OK, updated accordingly Wink

edited:
OK, updated accordingly Wink
I'm not a coder or a back-end type of guy but the link that I provided, has other things apart from "Packet Sniffing" and I believe those still apply.
Agree with that, now it should be fine.
legendary
Activity: 1988
Merit: 1317
Get your game girl
Apart from your list and what other users posted, there's also "Public Wifi Networks/Connections".
- Here's a useful link: 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity
How can they sniff your packets if the site uses an encrypted connection?
There are highly advanced packet sniffers which sit on the remote servers and are capable of doing so without logging the traffic. Anyway, packet sniffing wouldn't work here as the only sensitive data involving accounts is the password which is encrypted and stored in the database as a hash. Such data even if accessed by the packet sniffers won't  be in human readable format.
newbie
Activity: 10
Merit: 0

if by, "weird," you really mean, "totally inapplicable," then sure... Your originally account appears to have been temp-banned after being inactive for 1 year, and back when you were active you were a shitposter by all accounts, so, not really seeing the relevance to the current discussion.


Judging by your posts on the last 3 pages, you are the same "shitposter" as me, about the same level, I'm serious - without sarcasm.
In addition, my question is quite simple, is my account in permaban or not?
full member
Activity: 420
Merit: 184

if by, "weird," you really mean, "totally inapplicable," then sure... Your originally account appears to have been temp-banned after being inactive for 1 year, and back when you were active you were a shitposter by all accounts, so, not really seeing the relevance to the current discussion.

legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
Thanks Sir it vary Informative
Cockamamie (ridiculous or nonsensical)...
full member
Activity: 420
Merit: 184
I'm curious as to how so many people lost access to their account as well. This forum is unlike most others (really all others I've ever used) in that there is the potential for earning money simply by posting here, and the amount of money you can earn goes up with your seniority/rank. Hence there are powerful incentives to hack higher ranked accounts, and so one should treat this forum like an online bank or crypto exchange w/r/t passwords and security in general.

I imagine the most likely culprit are those shady mirror (phishing?) sites like bitcointalk . to and bitcointallk . org (modified so as to not trigger the phishing detector). I've clicked on links to both sites while searching for plagiarism and though I didn't go so far as to actually log in, I can easily imagine someone doing just that.

EDIT - fixed names of phishing sites; obviously, don't go to them and for the love of dog don't log in, either!

legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
I figure that most people won’t know the direct cause for the hacking that took place on their account. They can try nevertheless to second-guess the reason by reviewing their habits. Since recovering a hacked account seems to be such a lengthy process (time wise), it does seem a good idea to try to extract common factors and list them in order to try to mitigate this from happening.

The recovery process does seems way too slow. We know it is not a forum priority to speed up the recovery process at this time, and one should take time to assess his security standards in general, but people do trip, and it would be good to aid them soonish even if they tripped due to their own clumsiness.
copper member
Activity: 630
Merit: 420
We are Bitcoin!
~
As clear as crystal  Cheesy

~
That's why you do not want to use same password in everywhere.
legendary
Activity: 2702
Merit: 4002
I do not know if there is a direct link, but I think that the Bounties (Altcoins) campaigns are one of the reasons for hacking accounts.
A while ago, one of the managers of those campaigns asked me to design a signature and send it to him via e-mail. Now I receive more than ten messages of spam every day.
These campaigns require setting up accounts "creat account which may be near/same to your email/password info," adding your email and other information that will benefit in guessing your password.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
How about spyware like keylogger...
@iasenko: I wonder how you did you miss this even after the mention? It's a valid reason.  Smiley

All those like Trojan horse, keyloggers, etc, go to the 3rd party affected software... updated.

My initial intention was not to make a guide or list here. I just wonder how, all those people here complaining and waiting for account recovery, lost their accounts.
If you keep your security at dissent level and use the "Free Common Sense Internet Security 2018" it should be good enough.
copper member
Activity: 630
Merit: 420
We are Bitcoin!
How about spyware like keylogger...
@iasenko: I wonder how you did you miss this even after the mention? It's a valid reason.  Smiley

===> Keylogger (Keystroke logging) can be an easy way for the hackers to take away your credentials from your device. Always use antivirus if you are not tech savvy.

===> Having easy recognizable password like 12345678 or 123abc etc. A strong password should contain: capital letters, small letters, digits and special symbols like #'"! etc.
i.e: @*b3HLwCA'@pzQPp

PS: I never lost my BitcoinTalk account yet. Above are from experience only.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Apart from your list and what other users posted, there's also "Public Wifi Networks/Connections".
- Here's a useful link: 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity
How can they sniff your packets if the site uses an encrypted connection? Even with a fake DNS, you should at least get a warning from your browser.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
Updated,
Thank you guys. It's good to learn from each other's mistakes .
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
- 2015 hack. I'll add link later
About the recent server compromise

Am I missing something here??
Apart from your list and what other users posted, there's also "Public Wifi Networks/Connections".
- Here's a useful link: 5 Ways Hackers Can Use Public Wi-Fi to Steal Your Identity
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
I've lost this my account but Cyrus restored it. I would say it was my fault. I used good password, didn't visited phishing websites, but problem was on another place. I used weak password and no 2FA on my email. I've used that email and password to login to various shitty and unclear websites, probably one of these websites just sold their user login database. My email was hacked, then hacker changed my Bitcointalk account password and email. I've noticed it only after few minutes and I locked my account imnediately. Hacker wasn't able to make damage to my account. He also tried to hack my accounts on few exchanges, luckily he wasn't able to do that.
legendary
Activity: 1988
Merit: 1317
Get your game girl
You forgot to mention the most important and the quickest way of losing your account : - * Secret Question. It's common to forget passwords if you're an internet junkie and we often use email as the standard way of resetting them. However, if someone tries to set their passwords through forum's secret question feature, they're locked out of their accounts. Not sure if already done but theymos should really  disable that broken functionality.
sr. member
Activity: 840
Merit: 266
I always wanted to ask this question but I never did, I know most of ways why people lose there ETH address and exchanges accounts to and I know Bitcointalk accounts will be common with them in phishing sites but there might more ways, any new information will be posted here might be the reason for someone to not lose his account  .
member
Activity: 80
Merit: 10
DAMN SON!
How about spyware like keylogger or something like everything that you write, will send to hacker?

But, looks like phishing site is the most common case.
legendary
Activity: 2240
Merit: 3150
₿uy / $ell ..oeleo ;(
Every day I see many people complaining how they lost their accounts and want to recover them.
How the hell did you get your account lost/hacked?

We need a guide how to prevent this from happening if there isn't already one/few I'm not aware of.

I know some of the reasons I'm gonna list here:


  • First and main reason is the account selling. You buy account from a scammer, he gets the money, you get control over the account and soon he comes here, claiming that his account was hacked and trying to get it back by providing signed proof.
  • 2015 hack. About the recent server compromise
  • The Secret Question option - if you try to recover you password using the secret question option, your account will be locked for revision from the admins. Thanks to Joel_Jantsen for the input
  • Third-party affected software/sites,wallets, fake mobile apps, compromised computers,trojan horses,keyloggers etc.
  • Phishing links, like bitcointalk.[to] bitcointallk.[org], or just clicking random faucet links...
  • Using weak or the same password on different sites or just email password without additional projection, Thanks to LTU_btc for the input
  • Using your account as collateral
  • Using Public Wifi Networks/Connections*, thanks to SFR10
  • Pure stupidity, like your wife (no offense) has access to the account and to all of your bitcoins....

*Does not affect so much the security as nowadays most of the sites /as bitcointalk/ use HTTPS request and they are encrypted so sniffing them is no use.

Am I missing something here??

Tell me your story.
Jump to: