IMPORTANT ★ Your password may have been stolen!!! - page 7.

MinerHQ

legendary

Activity: 1456

Merit: 1023

Quote from: JanpriX on May 05, 2017, 06:16:24 PM

Thank you for providing us this very vital news/information regarding the malicious attempt to your site. It is always good when an owner of a dice site (or any other bitcoin-related site) comes to public to provide very important information about its user's safety regarding its account. This just proves that these owners are very serious regarding their website's security and take responsibility to whatever happens in their site and their userbase.

Also, it will be good if the admin comes to know these kinds of things then should immediately ask their users to change passwords to protect their accounts. Whether accounts are hacked or not all accounts will be safe after they change a password. The site looks like still under maintenance.

JanpriX

hero member

Activity: 1708

Merit: 606

Buy The F*cking Dip

Thank you for providing us this very vital news/information regarding the malicious attempt to your site. It is always good when an owner of a dice site (or any other bitcoin-related site) comes to public to provide very important information about its user's safety regarding its account. This just proves that these owners are very serious regarding their website's security and take responsibility to whatever happens in their site and their userbase.

klf

legendary

Activity: 1344

Merit: 1000

Quote from: coolncool on May 05, 2017, 09:56:42 AM

Quote from: Baryom on May 05, 2017, 09:45:26 AM

Quote from: cadet.techno on May 05, 2017, 09:20:46 AM

I think the breach was from Bitsler.com . The admin doesn't want to reveal, but there are some account leaks happening from Bitsler website. Over 17k accounts plain text had been leaked here and another places.

I think this is very dangerous for the Bitcoin community, and bitsler admin should take some action! Many bitsler users are claiming they got their account hacked and I had my bitsler accounts stolen too.

Hey newbie account from hacker,

99% of the accounts which have been hacked have used :

- a fake bot : "Bitsler bot 2017" or "Primedice bot 2017"or other bots DO NOT DO IT.

or

- Put their nickname/username in tis fake link giveaway https://freebitslerbtc.000webhostapp.com/index.html. DO NOT DO IT.

The link's owner (you I think so) tried to extort money from us. I told him that I wanted to know the "issue" first then I will give him a bounty bug and if the 200 accounts that he had the details came from a bot/fake link I won't give anything. He didn't give us anything.

By the way, we have more than 1,500,000 accounts on Bitsler.

Cheers,

Dear Bitsler admin,

Why you keep lying to your clients? 200 accounts, really?

I send you another 3k accounts

Link: https://pastebin.com/UqeswH7N

I don't know whether these accounts belong to bitsler or not because only admin can confirm or account owners of these accounts can confirm. But the site has given to secure your account with 2fa function then users should use it to protect their account. If any of these security breaches happen still your account will be safe. Always be safe in online.

Anyway bitsler admin already updating site and our accounts we will be more safer now onwards.

Baryom

hero member

Activity: 1260

Merit: 578

Bitsler's Admin and Bitsler's rules btslr.co/2612K

Quote from: Baryom on May 05, 2017, 04:30:11 AM

Hello guys,

We will make an update at midday (GMT Time, in 2hours 30 minutes) It will last few hours.

- New deposit/withdrawal system :More instant deposits, withdrawal fee with estimation in block before confirmation.
- Password recovery by email (except for VIPs) (set an email to get this option)
- Protection against hacking : Email confirmation if a new IP address login to your account (set an email to get this option)
- New chat features
- New connected list with your friends and followers
- Fixed a lot of small bugs
- New FAQ
- New catpcha
- New tags

We are sorry for the inconvenience.

Cheers,

This is the planned maintenance yes.

Lutpin

copper member

Activity: 1904

Merit: 1874

Goodbye, Z.

Quote from: Baryom on May 05, 2017, 09:45:26 AM

Bitsler will be releasing a planned update soon that will add more security futures and options for players to better protect themselves

Is that the maintenance you're currently performing?

Patatas

legendary

Activity: 1750

Merit: 1115

Providing AI/ChatGpt Services - PM!

Quote from: cadet.techno on May 05, 2017, 09:20:46 AM

I think the breach was from Bitsler.com . The admin doesn't want to reveal, but there are some account leaks happening from Bitsler website. Over 17k accounts plain text had been leaked here and another places.

I think this is very dangerous for the Bitcoin community, and bitsler admin should take some action! Many bitsler users are claiming they got their account hacked and I had my bitsler accounts stolen too.

That certainly is a possibility.Considering bitsler uses shill accounts to upvote their polls and often requests newbie shill accounts to praise their website to get the traffic,it's pretty much possible for them to do whatever it takes to let their competition down.
@safedice,how your tool works ? How does it cross verify if the accounts are actually hacked ?

Slark

legendary

Activity: 1862

Merit: 1004

Quote from: edmundduke on May 05, 2017, 01:20:45 PM

Could very well be from the Bitcointalk leak

Could be, but it is less likely to be.

Bitcointalk breach was quite long time ago, if I remember well it was in May 2015. Why someone would be waiting so long to use this database just now?
And it is safe to assume that every active Bitcointalk user changed password since that time.

edmundduke

legendary

Activity: 1624

Merit: 1007

Quote from: SafeDice on May 05, 2017, 09:50:50 AM

Quote from: Slark on May 05, 2017, 08:54:12 AM

Thanks for letting us know. You could always be silent about this issue and avoid potential PR problems.

If SafeDice wasn't compromised by any form of attack, then do you have any suspicion or theory which other casino/dice service was breached?
Was there any reports from users who complained that their online balance was stolen recently or they noted other suspicious activity?

I don't store plain text password, and the encryption that I use is invulnerable to rainbow attack. My theory is that the breached service ( it doesn't have to be dice / casino site ) is not a new service, it has more than 10k active bitcoin users. One of the potentially breached account was from an old user of Safedice that I know, this is the reason of my concern.

So far I don't think there was any report linked to this case. I think most of the breached account that does not use 2FA has very low balance.

Quote from: 7788bitcoin on May 05, 2017, 09:01:31 AM

Any further information re the source of these failed login attempts? Perhaps an email confirmation before withdrawal will help? or maybe withdrawal only allowed for logins using ip addresses from the same country/region?

Quote from: moooonu on May 05, 2017, 09:26:57 AM

You can use ip to verify if those accounts were opened from the ip user most often use to sign in. Otherwise send a confirmation msg to the user's email so that they can open the account from the link sent to their email or lock that account and post a notification on your site that any user who's account locked can contact you or support to get them unlock with some details like email or btc address he oftenly withdraws to.

I considered this one, but I prefer our users to be anonymous. I have disabled withdrawal for suspicious account.

Quote from: cadet.techno on May 05, 2017, 09:20:46 AM

I think the breach was from Bitsler.com . The admin doesn't want to reveal, but there are some account leaks happening from Bitsler website. Over 17k accounts plain text had been leaked here and another places.

I think this is very dangerous for the Bitcoin community, and bitsler admin should take some action! Many bitsler users are claiming they got their account hacked and I had my bitsler accounts stolen too.

I don't want to accuse anyone , I'll leave any judgement to the community

Could very well be from the Bitcointalk leak

d0flaming0

sr. member

Activity: 402

Merit: 250

That would also be nice and i think that makes it more safer than ever. As for me I am currently using different types of passwords from my accounts and sometimes when it has 2FA I am using it for security purposes. Sometimes i always forgot my passwords but luckily i have back-up email address where i can request for a new one which is a password that i can remember easily, as what they have suggested its also good to have or to add email because maybe one day it can be use.

salsa321

hero member

Activity: 698

Merit: 503

Substantiate your success.

i really appreciate with that tool,but maybe for more better and safe.
i think you should be added email section for safe in future

just advice.
because ur site name is safedice,right?

gracias

coolncool

newbie

Activity: 10

Merit: 0

If anyone is interested, i'm willing to sell 35k user accounts for bitsler website.

Pm if you are interested in buying.

~

coolncool

newbie

Activity: 10

Merit: 0

Quote from: Baryom on May 05, 2017, 09:45:26 AM

Quote from: cadet.techno on May 05, 2017, 09:20:46 AM

I think the breach was from Bitsler.com . The admin doesn't want to reveal, but there are some account leaks happening from Bitsler website. Over 17k accounts plain text had been leaked here and another places.

I think this is very dangerous for the Bitcoin community, and bitsler admin should take some action! Many bitsler users are claiming they got their account hacked and I had my bitsler accounts stolen too.

Hey newbie account from hacker,

99% of the accounts which have been hacked have used :

- a fake bot : "Bitsler bot 2017" or "Primedice bot 2017"or other bots DO NOT DO IT.

or

- Put their nickname/username in tis fake link giveaway https://freebitslerbtc.000webhostapp.com/index.html. DO NOT DO IT.

The link's owner (you I think so) tried to extort money from us. I told him that I wanted to know the "issue" first then I will give him a bounty bug and if the 200 accounts that he had the details came from a bot/fake link I won't give anything. He didn't give us anything.

By the way, we have more than 1,500,000 accounts on Bitsler.

Cheers,

Dear Bitsler admin,

Why you keep lying to your clients? 200 accounts, really?

I send you another 3k accounts

Link: https://pastebin.com/UqeswH7N

SafeDice

sr. member

Activity: 422

Merit: 250

SafeDICE.com

Quote from: Slark on May 05, 2017, 08:54:12 AM

Thanks for letting us know. You could always be silent about this issue and avoid potential PR problems.

If SafeDice wasn't compromised by any form of attack, then do you have any suspicion or theory which other casino/dice service was breached?
Was there any reports from users who complained that their online balance was stolen recently or they noted other suspicious activity?

I don't store plain text password, and the encryption that I use is invulnerable to rainbow attack. My theory is that the breached service ( it doesn't have to be dice / casino site ) is not a new service, it has more than 10k active bitcoin users. One of the potentially breached account was from an old user of Safedice that I know, this is the reason of my concern.

So far I don't think there was any report linked to this case. I think most of the breached account that does not use 2FA has very low balance.

Quote from: 7788bitcoin on May 05, 2017, 09:01:31 AM

Any further information re the source of these failed login attempts? Perhaps an email confirmation before withdrawal will help? or maybe withdrawal only allowed for logins using ip addresses from the same country/region?

Quote from: moooonu on May 05, 2017, 09:26:57 AM

You can use ip to verify if those accounts were opened from the ip user most often use to sign in. Otherwise send a confirmation msg to the user's email so that they can open the account from the link sent to their email or lock that account and post a notification on your site that any user who's account locked can contact you or support to get them unlock with some details like email or btc address he oftenly withdraws to.

I considered this one, but I prefer our users to be anonymous. I have disabled withdrawal for suspicious account.

Quote from: cadet.techno on May 05, 2017, 09:20:46 AM

I think the breach was from Bitsler.com . The admin doesn't want to reveal, but there are some account leaks happening from Bitsler website. Over 17k accounts plain text had been leaked here and another places.

I think this is very dangerous for the Bitcoin community, and bitsler admin should take some action! Many bitsler users are claiming they got their account hacked and I had my bitsler accounts stolen too.

I don't want to accuse anyone , I'll leave any judgement to the community

Baryom

hero member

Activity: 1260

Merit: 578

Bitsler's Admin and Bitsler's rules btslr.co/2612K

Quote from: cadet.techno on May 05, 2017, 09:20:46 AM

I think the breach was from Bitsler.com . The admin doesn't want to reveal, but there are some account leaks happening from Bitsler website. Over 17k accounts plain text had been leaked here and another places.

I think this is very dangerous for the Bitcoin community, and bitsler admin should take some action! Many bitsler users are claiming they got their account hacked and I had my bitsler accounts stolen too.

Hey newbie account from hacker,

99% of the accounts which have been hacked have used :

- a fake bot : "Bitsler bot 2017" or "Primedice bot 2017"or other bots DO NOT DO IT.

or

- Put their nickname/username in tis fake link giveaway https://freebitslerbtc.000webhostapp.com/index.html. DO NOT DO IT.

The link's owner (you I think so) tried to extort money from us. I told him that I wanted to know the "issue" first then I will give him a bounty bug and if the 200 accounts that he had the details came from a bot/fake link I won't give anything. He didn't give us anything.

By the way, we have more than 1,500,000 accounts on Bitsler.

Cheers,

EDIT : These username/password combinations are not leaked, they are stolen. Only a player knows the password of his/her account and no one else(including staff because all passwords are encrypted), unless if these scam scripts/sites that steal a players information are being used, then the list will keep on growing

Bitsler will be releasing a planned update soon that will add more security futures and options for players to better protect themselves, but in the end it is up to the user to secure his/her account with the tools provided. It is advised that all players update their passwords, use 2FA if able, and not use random scripts from strangers or websites guaranteeing "100% winning results" because they are lies used to attract people that are new to gambling.

cadet.techno

brand new

Activity: 0

Merit: 0

I think the breach was from Bitsler.com . The admin doesn't want to reveal, but there are some account leaks happening from Bitsler website. Over 17k accounts plain text had been leaked here and another places.

I think this is very dangerous for the Bitcoin community, and bitsler admin should take some action! Many bitsler users are claiming they got their account hacked and I had my bitsler accounts stolen too.

moooonu

hero member

Activity: 560

Merit: 500

You can use ip to verify if those accounts were opened from the ip user most often use to sign in. Otherwise send a confirmation msg to the user's email so that they can open the account from the link sent to their email or lock that account and post a notification on your site that any user who's account locked can contact you or support to get them unlock with some details like email or btc address he oftenly withdraws to.

7788bitcoin

legendary

Activity: 2282

Merit: 1023

Any further information re the source of these failed login attempts? Perhaps an email confirmation before withdrawal will help? or maybe withdrawal only allowed for logins using ip addresses from the same country/region?

Slark

legendary

Activity: 1862

Merit: 1004

Thanks for letting us know. You could always be silent about this issue and avoid potential PR problems.

If SafeDice wasn't compromised by any form of attack, then do you have any suspicion or theory which other casino/dice service was breached?
Was there any reports from users who complained that their online balance was stolen recently or they noted other suspicious activity?

SafeDice

sr. member

Activity: 422

Merit: 250

SafeDICE.com

=== disclaimer before I go into detail : this case has nothing to do with Safedice ===

As a dice site owner (SAFEDICE.COM), recently I noticed on my log that there were many failed sign in attempts ( thousand of them ). Those failed attempts were using a username that does not exists on our database. However, there were also many correct attempts, probably around 20% of them.

This is not a brute force attack, since each trial use a different combination of username and password. Not to mention that brute force attack will be rejected by our server. the attacker seems to have a list of username and password, this make it difficult for me to differentiate between an attack and normal login. I have a strong suspicion that the list was acquired from another bitcoin site.

To all of you concerned with the safety of your account, whether its on SafeDice or another site, please always use 2FA and different password for each site.

I have just created a tool for SafeDice users to check if there was suspicious login attempt on their account. You can type /amisafe in the chat room, the server will reply you with the result. For those of you just want to check your username, you can just sign up and check immediately.

Again I strongly encourage everyone in bitcoin community to use 2FA whenever possible, and if there is any other bitcoin site owner has information about this please share this information.

Topic: IMPORTANT ★ Your password may have been stolen!!! - page 7. (Read 5491 times)