
Topic: If your Mt. Gox account has been compromised, PLEASE READ. - page 5. (Read 34602 times)

newbie
Activity: 2
Merit: 0
Mt Gox and other Bitcoin markets ought to enable and encourage the use of some form of multi-factor authentication.  I use a Yubikey in conjunction with my Lastpass account (Lastpass generates very strong, unique passwords for every site so I'm not concerned about my Mt Gox password providing access to anything else), and it's a fantastic and open source authentication system.  Since Bitcoin is growing exponentially in usage and legitimacy, trading services should be growing with it and hardening their systems both on the code side, and on the user interaction side.  Many banks offer or require multi-factor authentication; why shouldn't Bitcoin services?
newbie
Activity: 29
Merit: 0
I had nothing on MT gox thank god but I'm still waiting for a transfer from BC market.  

Either that or I'm still having generating block issues.
full member
Activity: 126
Merit: 100
1) I'm a brand new Bitcoin user with no Bitcoins.  According to Mt. Gox, my brand new account and password were compromised, but there was nothing for any intruder to steal.

2) Password: 16+ characters, random, upper-case/lower-case letters, numbers, symbols. (I'm anal about passwords.)

3) I do not reuse any passwords on any account that has access to any financial transactions.  This includes bank, payment processor, Bitcoin trading, and any online business where I do business.  I save my passwords in a GPG-encrypted file, and keep copies backed up in various locations.

4) Mt. Gox currently indicates that the compromise was through the user account of an auditor who has read-only access to the system.  They aren't sure how yet.  My guess is either a spear phish (personalized "phish" email) claiming to be from Mt. Gox, or a trojan with a keylogger that stole their password.

This is scary. :/  However, I'm glad it happened now and not later.  The entire Bitcoin system needs to be made both more secure and more easily usable while secure than it is currently.  I would like to see Bitcoin gain wide acceptance and use outside of the geek world -- the human race needs a digital replacement for cash, and this is the best idea I've seen yet on how to do it.  But I don't see that happening until the security of wallets is ensured (by encrypting them by default), and online trading and payment methods for Bitcoin approach the security of my bank's online banking system.
newbie
Activity: 3
Merit: 0
First post.

Thankfully I had nothing stolen because I took my coins out just yesterday cause I was afraid MtGox wasn't secure. 

Here is what interested me.  If you look at the leaked list of user accounts it has as the first user [email protected]  Just a little investigative work finds that the first registered user of MtGox is actually Jed McCaleb, creator of the P2P program eDonkey2000! 

What exactly does he have to do with MtGox and what does he know about this.  Was MtGox his coding? I know MtGox stands for "Magic: The Gathering Online Exchange" and Jed's The Far Wilds looks just as dumb.

So is this a coincidence or does he have something he would like to share with the rest of us?
newbie
Activity: 10
Merit: 0
Now that mtgox closed their exchange, how can I tell if I got hacked?

I have read people mention that they checked the "dump" and found their info in it with their email changed (or not changed). Where is this dump?

EDIT: Google Mail just asked me to verify myself due to suspicious activity.  I did use the same 9 char. password as my email on mtgox.

I'm scared.

Yes, you are on the list, along with your gmail address, number 3419 out of 61,016 users listed at MtGox.

Understand that the passwords are not directly readable, and must be run through some fairly intense computational power to crack. Very similar to the way BitCoins are mined, actually. Takes a *long* time...

However, I had a 20 character password, using both letters and numbers, and exclusive to MtGox. Looks like my email address was changed in my account and I can't log into my account. I have to assume it's lost.

Just change all your passwords that are similar and associated with that address.
newbie
Activity: 10
Merit: 0

qft

if they are a financial institution, they have to have fraud recovery efforts.  He is trying to be legit, maybe he will come around when he thinks that hey I should have spent the money on security, now I have to pay for the breach.

But MtGox is not a financial institution. It is just a guy who started trading online game items,  (Magic The Gathering Online eXchange) and progressed to BitCoins. 

Hopefully he will and is financially able to do the right thing. If he doesn't try, MtGox as a BitCoin exchange is over. Of course, if things are as bad as some people are hypothesizing, MtGox is finished anyway.

Let's hope things work out.
newbie
Activity: 10
Merit: 0
How much funds did you lose?

17 BTC and a dollar value of under one dollar.


To what address were your stolen funds sent?

There is no way to check, as I couldn't log in with my email address.


What OS are you using (Windows, Linux, Mac OSX ...)?

Windows 7, all updates current.


How long was your old password?

20 characters.


Was your old password random?

Not random, but generally considered "strong". Certainly not guessable.


Was your username the same on Mt. Gox as on the forum?

This is my first post, having just registered for this topic. Same as DeepBit though...


Did you use your Mt. Gox password somewhere else?

No, but a 10 character variation of it was used at DeepBit. Now changed.


Did your old password contain lowercase letters, uppercase letters, special characters and numbers?

A mix of lowercase and numbers.


Have you used any Bitcoin-related software, and if yes, what software? Think about things like miners, wallet managers, etc.

Only GUIMiner v2011-05-21


Please also include a screenshot if possible so we know it's a real report.

No screenshot available, as the MtGox account is inaccessible. I reregistered at MtGox and sent in a ticket describing my situation.
sr. member
Activity: 294
Merit: 250
I got a gmail notification about account security compromised, meaning someone attempted to password guess their way through google, meaning my shit was in the leak.

Thankfully I use a different password for erryting.
I believe a Bitcoin community member that is working for / related to Google, has flagged all the Gmail accounts in the leaked database, to prevent breakins.
newbie
Activity: 22
Merit: 0
Anyone tried 1Password? I've been looking at getting that.

Personally I've been using LastPass for over a year and am quite happy with it. They also have smart phone apps for all platforms I think. If you're an Android user, there's even a LastPass plugin for the Dolphin web browser.

Just my 2 DoBits. You can keep the change.
hero member
Activity: 630
Merit: 500
Posts: 69
how the hell do I know tradehill can't get hacked
You don't.

There is risk with no insurance.

Welcome to Bitcoin.
hero member
Activity: 616
Merit: 500
how the hell do I know tradehill can't get hacked
sr. member
Activity: 322
Merit: 250
I heard TradeHill's referral codes used to give 30% discounts, now they are only 10%.
sr. member
Activity: 294
Merit: 250
Screw MtGox, moving my money to Tradehill.  Used code TH-R15720 when signing up to get reduced fees.
How do you know Tradehill is any more secure than Mt. Gox?

Quite a lot of people using this opportunity to have people flock to Tradehill (which has no guarantees of being secure either), conveniently including a referral code (which smells a lot like referral spamming.)
sr. member
Activity: 322
Merit: 250
Now that mtgox closed their exchange, how can I tell if I got hacked?

I have read people mention that they checked the "dump" and found their info in it with their email changed (or not changed). Where is this dump?

EDIT: Google Mail just asked me to verify myself due to suspicious activity.  I did use the same 9 char. password as my email on mtgox.

I'm scared.
newbie
Activity: 15
Merit: 0
Has anybody been able to confirm that their account balances at MtGox are safe? I have a small amount of BTC there (ready for sale - more than 1, less than 10). It's only a small amount (as I don't yet trust MtGox) and I moved it there last week.

I am a newbie, and I'm just experimenting with purchases and sales of smaller amounts before investigating the currency further. The recent events at MtGox are indeed troubling... I hope they haven't lost my BTC...
newbie
Activity: 2
Merit: 0
Screw MtGox, moving my money to Tradehill.  Used code TH-R15720 when signing up to get reduced fees.
sr. member
Activity: 294
Merit: 250
Update: Mt. Gox was compromised, the database of users was released. I believe the thread here was removed, but many people will probably be able to verify it.

Change your passwords now.

I told you so

As I said, there is no use to change your password if it will be hacked again.

What just happened is just not serious. It's such a fucking joke I can't believe it.

I would recommend to get out of there and go somewhere else.

If those people can not secure their web server, they should be responsible for it and assume the consequences.
I was not just talking about Mt. Gox password, but passwords everywhere. Judging from the few passwords that were posted (cracked) on Pastebin as well, a lot of people are reusing passwords.


Hey hey…

I believe people at MTGOX are little stupid kids.

Do not change your password.

Just delete your damn MT GOX account and go find a more trustworthy site.

I've just downloaded that CSV file with all the information, I can't believe it.

Mt GOX IS NOT SECURE.

Mt Gox is a fucking security hole and you'd better get out of there quick.

For instance, try Trade Hill.
Nice referral link spam, bro.

Also, personally I would advise people to use an exchange that runs on an open-source platform. Tradehill (and most other exchanges) are just yet another proprietary platform of which you have no guarantees regarding security. You can not look through the code (no one can, really), and will have to blindly believe that they can not be compromised.
newbie
Activity: 8
Merit: 0
Anyone tried 1Password? I've been looking at getting that.
newbie
Activity: 1
Merit: 0
I like how the original thread was removed. Cover up or what?

weaksauce imo
full member
Activity: 138
Merit: 100
Update: Mt. Gox was compromised, the database of users was released. I believe the thread here was removed, but many people will probably be able to verify it.

Change your passwords now.

I told you so

As I said, there is no use to change your password if it will be hacked again.

What just happened is just not serious. It's such a fucking joke I can't believe it.

I would recommend to get out of there and go somewhere else.

If those people can not secure their web server, they should be responsible for it and assume the consequences.