I forget, was there an email db leak for this forum?

Zenp

jr. member

Activity: 33

Merit: 37

I was reminded of a phishing attempt warning email I received on June 2, 2016 as my email was registered with bitcointalk in 2015.

This attempt might've been from the email db leak from 2011 or 2013 that others have mentioned. I can say this because I didn't actually receive the phishing attempt email, but only a warning of it from Kraken:

Here is the link to the reddit post: https://www.reddit.com/r/Bitcoin/comments/4m3op0/psa_phishing_attempts_reported_today_kraken_re/
Some users on the reddit post also mentioned that they did not receive the phishing attempt email. My guess is because they registered between 2013 and 2016, and their data was not leaked, and as such did not receive the phishing attempt.

libert19

hero member

Activity: 2464

Merit: 934

Quote from: scorrem on September 06, 2023, 05:09:15 AM

This hack must be responsible for lot of hacked high rank accounts which were meant to be sold. But merit system broke the heart of these hackers and sellers.

How? People got merit airdropped according to their rank when merit system was implemented.

scorrem

newbie

Activity: 3

Merit: 0

This hack must be responsible for lot of hacked high rank accounts which were meant to be sold. But merit system broke the heart of these hackers and sellers.

robelneo

legendary

Activity: 3192

Merit: 1198

Bons.io Telegram Casino

Quote from: Mr.right85 on September 03, 2023, 07:54:23 AM

Having to be reminded of these series of attacks haven’t taken place in about 3 occasions based on discoveries on this thread, it leads me to believe the forum isn’t completely safe as I would have liked to believe. Could that be the case?

The last attack was ten years ago and every attack makes the site improve its security, No platform is safe that is why there is such a thing as bounties for security breaches not only on Bitcointalk but on other platforms as well.

Quote

What were the possible entry point for these hackers and
What was put in place to prevent future occurrences?

There is no one process, it could be social engineering, software exploitation, or brute force attack, in the case of SMF there is modification software to enhance security, and since the version is one of the oldest versions they can modify the source to enhance security.

digaran

copper member

Activity: 1330

Merit: 899

🖤😏

IMO, the only reason for all the hacks were to obtain information about satoshi and a few others directly in contact with him.

joker_josue

legendary

Activity: 1638

Merit: 4508

**In BTC since 2013**

Quote from: libert19 on September 03, 2023, 11:36:18 PM

My email was leaked in 2015 bitcointalk hack (previous account), and countless other platforms even then I don't receive much spam. I personally don't think having spam mails is a big deal, spam mails in most cases are obvious, and they giveaway so with their titles, you don't even have to open them.

Totally agree. And I don't remember receiving spam that has any reference to the forum.
What could have happened is that the email entered some database, and they received spam - which I don't even see - about some other subject. Personally, I am extremely selective about opening an email, even more so when clicking on a link.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: dzungmobile on September 03, 2023, 10:06:08 AM

The forum was hacked three times, not two times, in 2011, 2013 and 2015.
Details in Bitcointalk history of hacks and vandalism

I also thought that it was hacked only twice, because this is the first time I found out that the first hacking happened back in 2011, and it seems to me that maybe the biggest damage was done then, if we take into account that no one noticed the hack even 6 days, and that the hacker took over the Satoshi account. Fortunately, it was still the early days of the forum, because if something like that were to happen today, it would create a real circus.

Quote from: theymos on September 11, 2011, 12:17:26 AM

The attacker first paid for a donator account so he could change his displayed username. The displayed username field is not escaped properly, so he was able to inject SQL from there. He took over Satoshi's account, and from Satoshi's administrative interface he was able to inject arbitrary PHP code by modifying the style template.

libert19

hero member

Activity: 2464

Merit: 934

My email was leaked in 2015 bitcointalk hack (previous account), and countless other platforms even then I don't receive much spam. I personally don't think having spam mails is a big deal, spam mails in most cases are obvious, and they giveaway so with their titles, you don't even have to open them.

franky1

legendary

Activity: 4214

Merit: 4458

im not worried about the leak. funnily enough i use many email addresses . and the ones for here doesnt get much spam
yet another i used for a popular exchange gets like 12 spam emails a day.. and its a regulated exchange with all the certification of top security...
.. the problem is you are more likely to get scam and spam mail from services that sell your data.. not hacked services

the main reason is, if companies are paying for data, they will want ROI on their investments so are more likely to try selling you things you never asked for

a few tricks to learn
have several email addresses. mainly used for specific services only. that way you can narrow down the possible sources of who gave out your email.
if the spam gets too much, because its not affiliated with other services. you can easily change email with that one service and just abandon that email address

Nwada001

hero member

Activity: 574

Merit: 627

Some questions are really relevant to a few people like me who are not that old of a member and have not come across some threads that have detailed information regarding some things in the forum past the security bridge, as this has added to the little knowledge I have. Even if I have come across some of the forum details threads, I have not really read this email leakage part.

Leak or no leak I just prepare myself to receive emails from any scammer, provided that I have registered the email someplace. That's why it's good to register some things with just a specific email so that when you get some kind of mail, you know it's spam without even opening it, as you were not even expecting them in the first place.

PX-Z

hero member

Activity: 1428

Merit: 836

Top Crypto Casino

So it means you didn't change your email since 2015? Even after the hack? Theymos made a reminder to change account's password coz users might received future spam phishing mails.

Quote from: theymos on May 25, 2015, 10:39:49 AM

As such, you should change your password here and anywhere else you used that same password. You should disable your secret question and assume that the attacker now knows your answer to your secret question. You should prepare to receive phishing emails at your forum email address.

elevates

sr. member

Activity: 714

Merit: 390

Leading Crypto Sports Betting & Casino Platform

I was so surprised to read that user email address got compromised back in those days. In the time of AI and what not, does anyone think that the forum should think about forum version upgrade. I am not a software engineer but I can relate to issues that can come up in the future. For example there is a dedicated thread to detect AI written content. Whereas the mods are still trying to understand such a contents uniquess. In the end it would be a simple to compile a reason.

dzungmobile

sr. member

Activity: 658

Merit: 354

I stand with Ukraine!

Quote from: DYING_S0UL on September 03, 2023, 07:22:52 AM

It was mainly because of the attack of 2011 & 2013 where Bitcointalk data got leaked.

The forum was hacked three times, not two times, in 2011, 2013 and 2015.

Details in Bitcointalk history of hacks and vandalism

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Mr.right85 on September 03, 2023, 07:54:23 AM

it leads me to believe the forum isn’t completely safe as I would have liked to believe. Could that be the case?

Nothing is completely safe. I guess you needed the wake-up call.

Mr.right85

hero member

Activity: 896

Merit: 645

Quote from: hosseinimr93 on September 03, 2023, 07:19:18 AM

There was an attack in 2011 in which the hacker gained administrative access to the forum. For more information about that attack, visit the topic created by theymos.
Info about the recent attack

There was also another attack which happened in 2013 and the attacker may have gained access to email addresses.
About the recent attack

Having to be reminded of these series of attacks haven’t taken place in about 3 occasions based on discoveries on this thread, it leads me to believe the forum isn’t completely safe as I would have liked to believe. Could that be the case?

What were the possible entry point for these hackers and
What was put in place to prevent future occurrences?

Seems probable accounts remains accounts within the 2011/2015 time frame for now. Even then, Bitcointalk haven’t gotten more recognition or interest in the minds of most, how about now!

DYING_S0UL

sr. member

Activity: 322

Merit: 318

The Alliance Of Bitcointalk Translators - ENG>BAN

It was mainly because of the attack of 2011 & 2013 where Bitcointalk data got leaked.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

There was an attack in 2011 in which the hacker gained administrative access to the forum. For more information about that attack, visit the topic created by theymos.
Info about the recent attack

There was also another attack which happened in 2013 and the attacker may have gained access to email addresses.
About the recent attack

PrimeNumber7

copper member

Activity: 1624

Merit: 1899

Amazon Prime Member #7

Yes, one of the prior hacks of the forum leaked the members table, which includes the email address associated with each forum account at the time

TheButterZone

legendary

Activity: 3052

Merit: 1031

RIP Mommy

I just got a phishing spam, and as I was viewing the source prior to reporting it to ISPs, I saw a bunch of instances of "bitcointalk" before the @ sign in the To: email addresses. Ended up finding 7 by text search. So it seems these people were using site-specific email addresses; would be weird if they added "bitcointalk" for any other website...

Oop, yes there was https://haveibeenpwned.com/PwnedWebsites#BitcoinTalk & I checked all of them, they all matched as pwned from 2015.

Nevermind...

Topic: I forget, was there an email db leak for this forum? (Read 268 times)