Topic: If your Mt. Gox account has been compromised, PLEASE READ. - page 2. (Read 34602 times)

Because every (semi-)private channel on the internet is Lulzsec.

Because I totally did not encourage users to change their passwords to something stronger and completely unlike their current password.

Because I am totally a completely evil person whose only mission in life is to gather statistics on passwords that are not used anymore, to throw them into my magical hat and magically get all new passwords and usernames of everyone in the universe!

Because trying to spread fear has worked the past few times something like this happened.

But noooo, you are here as a good saint to warn others about how evil I am, rather than trying to discredit me like several others are actively trying everywhere else.

Go do something constructive instead of accusing people of things they have no involvement with.

which refutes what, exactly? the entire chat log repeats the need for secrecy, as well as trusting no one outside the group of (privileged) individuals chatting in that room. connecting the dots is easy, and if a simpleton like me can follow the trail i'm sure others can too.

clearly, you're a smart man. you glanced at my post count and correctly guessed that i registered in order to warn fellow bitcoin users to be mindful of those trying to 'help,' all the while requesting or SEing information that could compromise their online accounts. the info you requested in your OP is so blatantly fishing for information that i thought it'd be wise to highlight that. seriously - asking if a compromised account contained passwords constituted of random characters and/or numbers, its length and Mt. Gox username? how bold!

capt. stu is out and should get some rest. shouldn't you, Joepie? the sun should be rising in a little bit for you too!

http://www.pastebin.com/QZXBCBYt

let's check the list -

topiary - check
sabu - check
Joepie - check


hope you are having a good morning! the log is quite entertaining.

Wow, you registered just to try and discredit me?

Let's start with the password information. First off, the very first thing that is recommended in the post is to change passwords, not reuse passwords and use a password with a different length. The reason I ask for this information is to find out what possible attack vectors were for compromised accounts. Second off, adding the questions about whether someone reused username or password elsewhere was on request of someone else (on IRC I believe).

Then the OS information. Yet again, this was to determine what attack vectors could have been used. If people using non-Windows systems, for example, got compromised as well, that would make a keylogger and/or other malware very unlikely.

Then on to the software. It's a bit sad I even have to explain this - obviously the question is whether the compromise may be due to Bitcoin-related software that someone has been running, that may have had malware attached to it.

Then the screenshot. The very line about the screenshot says it all. If you would have been involved in the community here even a bit (instead of registering a new account after Googling joepie91 or however you may have ended up here), you would have known that there were already several reports when this thread was made, and that their validity was disputed (was it a ploy by Tradehill? Or another exchange? Or was it people trying to discredit Bitcoin? etc etc). So obviously the next question is a screenshot to prove that it happened. Seeing as a screenshot does not have to contain anything besides the record of it being transfered away, this is not a problem privacy- or security-wise. It cannot even be used to track it back to other addresses from the same person, as coins going through Mt. Gox get mangled up.

Then the "looking for direct targets to hack" claim. I am a programmer / webdev, and not a cracker (which is the correct term for what you are talking about). My greatest "cracking" achievement to date is finding a vulnerability in Mt. Gox that makes use of a combination of two known techniques to compromise accounts with passwords with less than 6 characters (a vulnerability that I have, after days, STILL not received a response about from MagicalTux). I have absolutely no fucking clue whatsoever how to SQLi a site in such a way that I can actually do something - my knowledge ends at ' OR 1=1.

Then the most retarded claim of all - Lulzsec. First of all the allegations that I am a part of Lulzsec are complete bullshit, and so far all of these allegations originate from the same source - a "leaked" IRC log that was claimed to be from a Lulzsec channel. The only problem is that it wasn't a Lulzsec channel. Since then media, blogs and Twitter users, have been parrotting these allegations without any kind of actual proof - except for an IRC log that was not from the place it was claimed to be from.

Second off, there can be a million allegations of Lulzsec "being behind the Mt. Gox hack" - however, not only is that highly improbable (why would they fuck around with something they like and actively use?), but also is there absolutely zero proof whatsoever that that is the case. Innocent until proven guilty and all that.


Now consider the postcount of said user stubeans, consider his signup date, consider his countless allegations without any facts to support it (except for other alleged 'facts' that were themselves never proven), consider his hostile attitude, consider how he blindly copies the two capital letters in my nickname from a Twitter feed despite me not using any capital letters anywhere (indicating he has no idea who I actually am, and has never seen me anywhere before).

And now consider how unusual and full of bullshit said user is.


Seriously, go back to your troll cave.

for added info on JoePie91 - https://twitter.com/#!/TeaMp0isoN_

and there are allegations that lulzsec is behind the Mt. Gox hack. consider that info, then consider how unusual the initial post is.

let's think this out. if you are someone with access to the Mt. Gox data, including usernames and password hashes, wouldn't the bolded information be particularly useful for said individuals to bruteforce crack and abuse? there is zero reason why anyone would need to disclose this type of information on a public forum, and even less reason why anybody would ask of this type of data. why do you ask for specific data on the length of passwords, whether they were random, the character types contained, and whether their username is the same on here as on Mt. Gox?

furthermore, the request for OS type, bitcoin software and a screenshot of their account info? are you looking for direct targets to hack?

this, to me at least, screams of someone trying to social engineer more lulz and/or theft from data in their possession.

The form now has a check box to say you forgot your password. I was finally able to submit a claim after checking that box. I guess I was getting the message because someone changed my password.

arghh would be funny...but not really in the mood to laugh right now

Same here. Whats that supposed to mean? Has the claim site been hacked?

thanks for posting this information

Uh, what does he say? Here are some possibilities:

"thanks for the money"

"hasta la vista"

"in japan the hand can be used like a knife"

"please fill out the 6-page reimbursement form on page 32A of our user agreement and email it to /dev/null"

"anybody know good vacation spots?"

"i have been learning parasailing"

"want to see my new Boxster? it's red!"

"Je ne parle qu'un le francais"

"the Japanese legal system is fascinating"

"i am accepting a new position as chief financial advisor to President Mugabe"

I completed the claim process process earlier and I was told "Your account recovery request is pending review by our staff."

I wonder how long that will take?

Resolved in hours? You mean like the Sony Playstation Network hack? 

The fact that it hasn't been resolved in hours is a positive thing. We really don't want a *quick* fix for this situation, we want a *secure* fix. The MtGox system was was hacked, with funds and secure data stolen. Over 61,000 users have had their email and password publicly posted on the internet. While those passwords are encrypted, they are certainly breakable given some time.

Every user will need to have his account validated and a new password assigned before being able to access that account, with 61,000 users, that will take some time.

You also seem to be confusing MtGox with a real financial institution. It is not. MtGox started out as "Magic The Gathering Online eXchange", trading online game items. It has no backing (much like BitCoin itself) and no official guarantees (again, like BitCoin). I'm sure "he" is doing the best he can given the situation, it looks like every effort is being made to get us back to our accounts and back to business.

I was involved in a few Disaster Recovery (DR) situations for customers before and I know the amount of pressure admins and businesses are put under during that time. Believe me, in such cases, the last thing you want is for the business/admins to waste their time looking for PR rather than work non-stop on recovering the systems to a secure state. The fact that MagicalTux isn't around means that he's busy with the admins getting things together.

They keep updating their blog post and that's good enough for such situations. This is similar to how Amazon handles its EC2 cloud services when there disruptions: update every now & then while focusing on recovering the systems.

Same here. My account was compromised before mtgox shut down (password changed and email erased), were yours too?

Sill, it is taking an UNBELIEVABLY long time to fix this problem.

Mr. "MagicalTux" should have hired some more people or brought some talented executive into his organization before this point to be able to restore confidence.  Some kind of announcement like "we are bringing in this experienced, talented financial service expert/executive to help run our exchange because we have realized we can't do it right."

He clearly doesn't have what it takes to run the #1 exchange for a $100 million plus market cap currency.  Something like this security breach should have been resolved in HOURS, NOT DAYS.  This is a major unforgiveable failure and all you posters seeing it any other way must have ZERO experience in dealing with stocks, bonds, currency, and other exchanges/financial services companies.  Imagine if a sovereign nation's currency exchange went down for a week.  Or you bank sent you an e-mail saying "someone got $1000 taken from their online banking account, so no one can withdraw or deposit money until next week".  Amateur, unforgivable bullshit.  No excuses, Tux needs to get professional help.  I rest my case.

Thanks for the info. I made a claim at MtGox, don't know yet how much I lost.

Hello people,

I have about $900 invested in MtGox and although I panicked at first, following MtGox's updated page shows that they're really working hard on recovering everything and making sure their systems are up & running.

According to their page: https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback
they got compromised because of an auditor who had read-only access to their DB and his machine was infected. So the site itself wasn't hacked.

I just filed the claim process and all went well without errors. If you are getting errors, then consider putting a wrong password then put in as much info as you can for them to give your claim credit over other claims on your account. They're allowing multiple claims per account for that specific reason: In case someone changed your password before they took the site offline.

You can provide last used funds, transactions, documents and many other things.

Seeing how MtGox has been handling this and the amount of hard work they've put into it, I'm staying with them. Going to another exchange doesn't automagically solve the problem & their infrastructure might be even less secure, putting you at risk AGAIN!

I'm not promoting for MtGox. I simply appreciate the hard work put into recovering from this hellish situation.

Sorry to read this, all I can tell is that it worked for me.
Maybe you want to try it once again, as there's always the possibility of entering the wrong password.

Anyway, this message isn't something unusual, a lot of users are getting that error.
The problem is known and Mark Karpeles is working on it. (http://forum.bitcoin.org/index.php?topic=20653.msg258264#msg258264)
Just try again in a few hours.

And don't worry, trades won't resume until most of the users have claimed their accounts, which probably will take some days. I'm not even sure if Mt. Gox is going to be fully operating before the end of this week.