Topic: How many hacked polo accounts does it take for them to make 2fa mandatory? (Read 2453 times)

sr. member
Activity: 672
Merit: 250
Polo continually is getting hacked. User accounts without 2fa are the target. Value in said accounts is traded out to the attacker's benefit.

Polo is complacent in this. They know and do nothing. They are enabling this to happen. Most likely they are insolvent and/or are in on it. Very shady!

It's time for a class action lawsuit.



This is a serious threat. I think they must do something about this ASAP.
hero member
Activity: 528
Merit: 527
Coinbase just disabled 2FA SMS due to lack of security in phones.

They are allowing you to use 2FA Apps though if you have the money to get an Android, iPhone, or Windows phone.

Personally, I think people should just use strong passwords.
newbie
Activity: 40
Merit: 0
Wow, you are a dick. I get your point about a strong pw, but you are still a dick.

To the other person who insisted that I didn't change my password, this was a new account, it got hacked within a few weeks of opening it.

Btw folks, the hacker still has access to polo accounts and is still draining them.

2FA is actually less secure than a strong password. Phone accounts can be easily hacked via various methods. In fact, I am suspecting that OP is really a hacker that is trying to make Polo accounts less secure by getting them to require 2FA.

Accounts with 2FA allow a password reset using your phone, that is how Coinbase accounts get hacked all the time. If you don't use 2FA on your Coinbase account, you can't be hacked with a strong password.

2FA = hacker's wet dream

2FA is like requiring home owners to put multiple locks on their guns so that they can't quickly arm themselves if they get robbed.

I just used my Keepass to generate this 24 digit password: Ã:äPrQÕ¾+N=í©Sÿ3ƽ§«7Ùà2

I checked the generator and there are a potential of over a hundred different characters, so 100^24 = over 10^48 possible combinations.

There is no way OP can hack 10^48 possible combinations, so he wants to degrade security by using the 2FA back door method.

This is how you know OP is a hacker.

member
Activity: 110
Merit: 10
2FA is actually less secure than a strong password. Phone accounts can be easily hacked via various methods. In fact, I am suspecting that OP is really a hacker that is trying to make Polo accounts less secure by getting them to require 2FA.

Accounts with 2FA allow a password reset using your phone, that is how Coinbase accounts get hacked all the time. If you don't use 2FA on your Coinbase account, you can't be hacked with a strong password.

2FA = hacker's wet dream

2FA is like requiring home owners to put multiple locks on their guns so that they can't quickly arm themselves if they get robbed.

I just used my Keepass to generate this 24 digit password: Ã:äPrQÕ¾+N=í©Sÿ3ƽ§«7Ùà2

I checked the generator and there are a potential of over a hundred different characters, so 100^24 = over 10^48 possible combinations.

There is no way OP can hack 10^48 possible combinations, so he wants to degrade security by using the 2FA back door method.

This is how you know OP is a hacker.

Not really. Better have a strong password and 2FA but via App and not SMS.
sud
sr. member
Activity: 826
Merit: 301
Over the last 3 months there are many newbie users who don't even know the dangers about 2fa, there may be more hacked accounts.

FTFY - 2FA is very hackable and a security weakness



Maybe, but it's another layer of security. The more the better.
hero member
Activity: 528
Merit: 527
Over the last 3 months there are many newbie users who don't even know the dangers about 2fa, there may be more hacked accounts.

FTFY - 2FA is very hackable and a security weakness

full member
Activity: 462
Merit: 100
Over the last 3 months there are many newbie users who don't even know about 2fa, there may be more hacked accounts.
newbie
Activity: 17
Merit: 1
Bittrex forced it, and I am not sure if there is a lesser percentage of hacked accounts.
hero member
Activity: 528
Merit: 527
2FA is actually less secure than a strong password. Phone accounts can be easily hacked via various methods. In fact, I am suspecting that OP is really a hacker that is trying to make Polo accounts less secure by getting them to require 2FA.

Accounts with 2FA allow a password reset using your phone, that is how Coinbase accounts get hacked all the time. If you don't use 2FA on your Coinbase account, you can't be hacked with a strong password.

2FA = hacker's wet dream

2FA is like requiring home owners to put multiple locks on their guns so that they can't quickly arm themselves if they get robbed.

I just used my Keepass to generate this 24 digit password: Ã:äPrQÕ¾+N=í©Sÿ3ƽ§«7Ùà2

I checked the generator and there are a potential of over a hundred different characters, so 100^24 = over 10^48 possible combinations.

There is no way OP can hack 10^48 possible combinations, so he wants to degrade security by using the 2FA back door method.

This is how you know OP is a hacker.
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
Interesting replies..
Would be good if we had a wiki on known problems or policies.

For example.. Shouldn't they all lock you out after putting in the wrong password too many times?
Like which do that?
I'm not too sure..

I often avoid 2fa because it's a pain in the ass.
But I would be more inclined if I had money on a service.. Pool.. Online wallet.. Exchange etc.
Right now I might have a $100 on an exchange.. So I am not worried about it.
If I was risto with 2 million in xmr on Polo fuck yeah I would have 2 factor auth enabled.
But..
I just don't think it should be mandatory like this topic is about.

I am convinced exchanges can and do simply take our money though.
It's too easy for them and don't forget...
It's not illegal.
They can do what ever they want.. This stuff is not regulated.
For example if Polo says they are retiring and taking all our money then oh well..
They can.
It's their right to do it.
And we can bitch and moan about it but that is the price we pay for screaming the free market mantra for 8 years.
hero member
Activity: 487
Merit: 500
Let's not forget they also give you an email notice if your account is accessed from a new IP as well as a confirmation email for withdrawals.

Let's not forget that the withdrawal is processed without clicking on the e-mail link after a hack.
Checking recent activity of the e-mail account confirms the hacker had no access to the e-mail.

That the withdrawal is processed without the e-mail confirmation after a hack is a known flaw by poloniex.

And what can you do with the notification? It just shows you unauthorised access to your account but it doesn't prevent anything. The hack has already occurred.
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
Let's not forget they also give you an email notice if your account is accessed from a new IP as well as a confirmation email for withdrawals.
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
You guys are missing the point..
Why should no 2fa be a problem if using a secure setup?
Think about it.

How would a hacker know your correct account name / email login
And on top of that manage to brute force guess a 24 char random password using a pro password creator?

It just wouldn't happen.. You would have better odds buying a lottery ticket..
Or guessing the private key to a BTC account with money on it.

You guys get it yet?
I don't think so by the replies..

And I also am not sure if Poloniex or Bittrex have a guard in place.
Do they lock out people who put in the wrong password too much?
If they don't do that it's Hella scammy!

And yeah of course some users are going to be easy pickin's.
Some have simple little passwords.. Reused etc.
And yeah you can get *some logins from other sources like say a pool..
But it comes down to probability and the stats / odds.

If no one has local access to my machine and I have not been hacked / infected...
And... I have a long unique random password..
The fucking exchange is to blame.. NOT HACKERS!
sr. member
Activity: 518
Merit: 250
Polo continually is getting hacked. User accounts without 2fa are the target. Value in said accounts is traded out to the attacker's benefit.

Polo is complacent in this. They know and do nothing. They are enabling this to happen. Most likely they are insolvent and/or are in on it. Very shady!

It's time for a class action lawsuit.

When users do not keep their accounts safe and do not use 2FA on an exchange site, it looks like they are not serious about keeping their money. On an exchange site or any other gateway that can send money, admins always recommend that users use 2FA for safety and security in case a hacker tries to hack your account.
full member
Activity: 560
Merit: 111
New support staff from moderators have too many rights on getting information. It's the problem.
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
At the end of May there was a polo ddos attack, the official story was too many new users. That is the time my account was hacked.

I really feel that the attacker got a list of non 2fa accounts and just started going alphabetical. This other user had the exact same thing happen, a full fucking month later. Coincidence that both accounts started with an A?

Doubt it.

Polo was and is still compromised.


My working theory is that the attackers hacked polo, got a list of non 2fa, then went manually through them alphabetical.

The hacker has been able to do this for at least a month and a half.

The hacker drained my account nearly exactly like yours by setting counter trades.

Yes polo should be able to track this, have they made any effort to call in authorities? I doubt it.

Hence, I believe they should be opened to a lawsuit.




In my case, at the end of May, I booted fresh from a live Linux CD and used a new email address. The only thing I did different was I had to contact their help desk.
So I'm not sure how my account was compromised then.


Also my compromised account started with an A, so I assume hacker got access to polo database and went alphabetical.

OP, did you previously contact the polo help desk for anything?
Also, what letter did your account begin with?


My Account started with A as well (we may be on to something here)!! But no, I did not contact their help desk at all before that.
Did you see any unauthorized activity on your account?

Only a complete retard could be affected by that old hack that polo already made whole and patched. If you haven't changed your password in the years since they warned you to then I hope you lose your assets and that's not called being hacked, that's called being stupid.
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
Wow you are all ultra fucking stupid.

Guess what?

Accounts with 2fa can still get hacked..
But it's rare because it puts the blame on guess whom?

If I had an exchange I could simply go through the accounts and take money from any with no 2fa..
Then simply imply it must have been "hackers"
And since there is no transparency or accountability it would be 100% impossible to prove it wasn't.

So let's break it down stupid people..

If you had a 24 char random pass how does a guy guess it with only a few tries while not getting Blocked by the service?
Ever put in the password wrong some place before 3 times?

If they are allowing random people to brute force accounts then uhhh LOL

Furthermore I use a Password manager that creates deliberately hard passwords.
24 carefully designed chars that it says would take millions of years to crack.
And since I never reuse passwords I would blame 1 source if I got hacked.
Guess who?

Now on the other hand there are idiots out there that use basic simple passwords and also reuse them.
This would be target no. 1
Who could see password lengths of all users?

Mythical magic "hackers".. Or?
legendary
Activity: 3010
Merit: 1028
At the end of May there was a polo ddos attack, the official story was too many new users. That is the time my account was hacked.

I really feel that the attacker got a list of non 2fa accounts and just started going alphabetical. This other user had the exact same thing happen, a full fucking month later. Coincidence that both accounts started with an A?

Doubt it.

Polo was and is still compromised.


My working theory is that the attackers hacked polo, got a list of non 2fa, then went manually through them alphabetical.

The hacker has been able to do this for at least a month and a half.

The hacker drained my account nearly exactly like yours by setting counter trades.

Yes polo should be able to track this, have they made any effort to call in authorities? I doubt it.

Hence, I believe they should be opened to a lawsuit.




In my case, at the end of May, I booted fresh from a live Linux CD and used a new email address. The only thing I did different was I had to contact their help desk.
So I'm not sure how my account was compromised then.


Also my compromised account started with an A, so I assume hacker got access to polo database and went alphabetical.

OP, did you previously contact the polo help desk for anything?
Also, what letter did your account begin with?


My Account started with A as well (we may be on to something here)!! But no, I did not contact their help desk at all before that.
Did you see any unauthorized activity on your account?
Pretty sure that the hackers got the lists of both accounts with 2fa or non 2fa but just can't access the 2fa enabled accounts so the hackers just went through the unenabled ones.
Big chances the hackers themselves have access to the database, because phishing accounts, especially exchange ones, is kinda difficult.
hero member
Activity: 528
Merit: 527
Polo continually is getting hacked. User accounts without 2fa are the target. Value in said accounts is traded out to the attacker's benefit.

Polo is complacent in this. They know and do nothing. They are enabling this to happen. Most likely they are insolvent and/or are in on it. Very shady!

It's time for a class action lawsuit.



I found your polo password: https://www.youtube.com/watch?v=QcyeYFXdHNQ#t=1m17