
Topic: IMPORTANT ★ Your password may have been stolen!!! - page 7. (Read 5476 times)

legendary
Activity: 1456
Merit: 1023
Thank you for providing us this very vital news/information regarding the malicious attempt to your site. It is always good when an owner of a dice site (or any other bitcoin-related site) comes to public to provide very important information about its user's safety regarding its account. This just proves that these owners are very serious regarding their website's security and take responsibility to whatever happens in their site and their userbase.

Also, it will be good if the admin comes to know these kinds of things then should immediately ask their users to change passwords to protect their accounts. Whether accounts are hacked or not all accounts will be safe after they change a password. The site looks like still under maintenance.
hero member
Activity: 1708
Merit: 606
Buy The F*cking Dip
Thank you for providing us this very vital news/information regarding the malicious attempt to your site. It is always good when an owner of a dice site (or any other bitcoin-related site) comes to public to provide very important information about its user's safety regarding its account. This just proves that these owners are very serious regarding their website's security and take responsibility to whatever happens in their site and their userbase.
klf
legendary
Activity: 1344
Merit: 1000
I think the breach was from Bitsler.com . The admin doesn't want to reveal, but there are some account leaks happening from Bitsler website. Over 17k accounts plain text had been leaked here and another places.

I think this is very dangerous for the Bitcoin community, and bitsler admin should take some action! Many bitsler users are claiming they got their account hacked and I had my bitsler accounts stolen too.

Hey newbie account from hacker,

99% of the accounts which have been hacked have used :

- a fake bot: "Bitsler bot 2017" or "Primedice bot 2017" or other bots. DO NOT DO IT.

or

- Put their nickname/username in this fake link giveaway https://freebitslerbtc.000webhostapp.com/index.html. DO NOT DO IT.

The link's owner (you I think so) tried to extort money from us. I told him that I wanted to know the "issue" first then I will give him a bounty bug and if the 200 accounts that he had the details came from a bot/fake link I won't give anything. He didn't give us anything.

By the way, we have more than 1,500,000 accounts on Bitsler.

Cheers,

Dear Bitsler admin,

Why do you keep lying to your clients? 200 accounts, really?

I send you another 3k accounts :)

Link: https://pastebin.com/UqeswH7N





I don't know whether these accounts belong to bitsler or not because only admin can confirm or account owners of these accounts can confirm. But the site has given to secure your account with 2fa function then users should use it to protect their account. If any of these security breaches happen still your account will be safe. Always be safe in online.

Anyway bitsler admin already updating site and our accounts we will be more safer now onwards.
hero member
Activity: 1246
Merit: 578
Bitsler's Admin and Bitsler's rules btslr.co/2612K
Hello guys,

We will make an update at midday (GMT time, in 2 hours 30 minutes). It will last a few hours.


- New deposit/withdrawal system: More instant deposits, withdrawal fee with estimation in block before confirmation.
- Password recovery by email (except for VIPs) (set an email to get this option)
- Protection against hacking: Email confirmation if a new IP address logs in to your account (set an email to get this option)
- New chat features
- New connected list with your friends and followers
- Fixed a lot of small bugs
- New FAQ
- New captcha
- New tags


We are sorry for the inconvenience.

Cheers,

This is the planned maintenance yes.
copper member
Activity: 1890
Merit: 1874
Goodbye, Z.
Bitsler will be releasing a planned update soon that will add more security features and options for players to better protect themselves
Is that the maintenance you're currently performing?
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
I think the breach was from Bitsler.com . The admin doesn't want to reveal, but there are some account leaks happening from Bitsler website. Over 17k accounts plain text had been leaked here and another places.

I think this is very dangerous for the Bitcoin community, and bitsler admin should take some action! Many bitsler users are claiming they got their account hacked and I had my bitsler accounts stolen too.
That certainly is a possibility. Considering bitsler uses shill accounts to upvote their polls and often requests newbie shill accounts to praise their website to get the traffic, it's pretty much possible for them to do whatever it takes to let their competition down.
@safedice, how does your tool work? How does it cross verify if the accounts are actually hacked?
legendary
Activity: 1862
Merit: 1004
Could very well be from the Bitcointalk leak
Could be, but it is less likely to be.

The Bitcointalk breach was quite a long time ago; if I remember well it was in May 2015. Why would someone wait so long to use this database just now?
And it is safe to assume that every active Bitcointalk user has changed their password since that time.
legendary
Activity: 1624
Merit: 1007
Thanks for letting us know. You could always be silent about this issue and avoid potential PR problems.

If SafeDice wasn't compromised by any form of attack, then do you have any suspicion or theory which other casino/dice service was breached?
Was there any reports from users who complained that their online balance was stolen recently or they noted other suspicious activity?


I don't store plain text passwords, and the encryption that I use is invulnerable to rainbow attack. My theory is that the breached service (it doesn't have to be a dice / casino site) is not a new service; it has more than 10k active bitcoin users. One of the potentially breached accounts was from an old user of Safedice that I know; this is the reason for my concern.

So far I don't think there was any report linked to this case. I think most of the breached accounts that do not use 2FA have very low balances.

Any further information re the source of these failed login attempts? Perhaps an email confirmation before withdrawal will help? or maybe withdrawal only allowed for logins using ip addresses from the same country/region?

You can use the IP to verify if those accounts were opened from the IP the user most often uses to sign in. Otherwise send a confirmation msg to the user's email so that they can open the account from the link sent to their email, or lock that account and post a notification on your site that any user whose account is locked can contact you or support to get it unlocked with some details like the email or BTC address he often withdraws to.

I considered this one, but I prefer our users to be anonymous. I have disabled withdrawal for suspicious account.

I think the breach was from Bitsler.com . The admin doesn't want to reveal, but there are some account leaks happening from Bitsler website. Over 17k accounts plain text had been leaked here and another places.

I think this is very dangerous for the Bitcoin community, and bitsler admin should take some action! Many bitsler users are claiming they got their account hacked and I had my bitsler accounts stolen too.

I don't want to accuse anyone , I'll leave any judgement to the community

Could very well be from the Bitcointalk leak
sr. member
Activity: 402
Merit: 250
That would also be nice and I think that makes it safer than ever. As for me, I am currently using different types of passwords for my accounts, and sometimes when it has 2FA I am using it for security purposes. Sometimes I always forgot my passwords but luckily I have a back-up email address where I can request a new one, which is a password that I can remember easily. As they have suggested, it's also good to have or to add an email because maybe one day it can be used.
hero member
Activity: 698
Merit: 503
Substantiate your success.
I really appreciate that tool, but maybe for more better and safe.
I think you should add an email section for safety in future :) just advice.
Because your site name is safedice, right? :)
Thanks
newbie
Activity: 10
Merit: 0
If anyone is interested, i'm willing to sell 35k user accounts for bitsler website.

Pm if you are interested in buying.

~
newbie
Activity: 10
Merit: 0
I think the breach was from Bitsler.com . The admin doesn't want to reveal, but there are some account leaks happening from Bitsler website. Over 17k accounts plain text had been leaked here and another places.

I think this is very dangerous for the Bitcoin community, and bitsler admin should take some action! Many bitsler users are claiming they got their account hacked and I had my bitsler accounts stolen too.

Hey newbie account from hacker,

99% of the accounts which have been hacked have used :

- a fake bot: "Bitsler bot 2017" or "Primedice bot 2017" or other bots. DO NOT DO IT.

or

- Put their nickname/username in this fake link giveaway https://freebitslerbtc.000webhostapp.com/index.html. DO NOT DO IT.

The link's owner (you I think so) tried to extort money from us. I told him that I wanted to know the "issue" first then I will give him a bounty bug and if the 200 accounts that he had the details came from a bot/fake link I won't give anything. He didn't give us anything.

By the way, we have more than 1,500,000 accounts on Bitsler.

Cheers,

Dear Bitsler admin,

Why do you keep lying to your clients? 200 accounts, really?

I send you another 3k accounts :)

Link: https://pastebin.com/UqeswH7N



sr. member
Activity: 422
Merit: 250
SafeDICE.com
Thanks for letting us know. You could always be silent about this issue and avoid potential PR problems.

If SafeDice wasn't compromised by any form of attack, then do you have any suspicion or theory which other casino/dice service was breached?
Was there any reports from users who complained that their online balance was stolen recently or they noted other suspicious activity?


I don't store plain text passwords, and the encryption that I use is invulnerable to rainbow attack. My theory is that the breached service (it doesn't have to be a dice / casino site) is not a new service; it has more than 10k active bitcoin users. One of the potentially breached accounts was from an old user of Safedice that I know; this is the reason for my concern.

So far I don't think there was any report linked to this case. I think most of the breached accounts that do not use 2FA have very low balances.

Any further information re the source of these failed login attempts? Perhaps an email confirmation before withdrawal will help? or maybe withdrawal only allowed for logins using ip addresses from the same country/region?

You can use the IP to verify if those accounts were opened from the IP the user most often uses to sign in. Otherwise send a confirmation msg to the user's email so that they can open the account from the link sent to their email, or lock that account and post a notification on your site that any user whose account is locked can contact you or support to get it unlocked with some details like the email or BTC address he often withdraws to.

I considered this one, but I prefer our users to be anonymous. I have disabled withdrawal for suspicious account.

I think the breach was from Bitsler.com . The admin doesn't want to reveal, but there are some account leaks happening from Bitsler website. Over 17k accounts plain text had been leaked here and another places.

I think this is very dangerous for the Bitcoin community, and bitsler admin should take some action! Many bitsler users are claiming they got their account hacked and I had my bitsler accounts stolen too.

I don't want to accuse anyone , I'll leave any judgement to the community
hero member
Activity: 1246
Merit: 578
Bitsler's Admin and Bitsler's rules btslr.co/2612K
I think the breach was from Bitsler.com . The admin doesn't want to reveal, but there are some account leaks happening from Bitsler website. Over 17k accounts plain text had been leaked here and another places.

I think this is very dangerous for the Bitcoin community, and bitsler admin should take some action! Many bitsler users are claiming they got their account hacked and I had my bitsler accounts stolen too.

Hey newbie account from hacker,

99% of the accounts which have been hacked have used :

- a fake bot: "Bitsler bot 2017" or "Primedice bot 2017" or other bots. DO NOT DO IT.

or

- Put their nickname/username in this fake link giveaway https://freebitslerbtc.000webhostapp.com/index.html. DO NOT DO IT.

The link's owner (you I think so) tried to extort money from us. I told him that I wanted to know the "issue" first then I will give him a bounty bug and if the 200 accounts that he had the details came from a bot/fake link I won't give anything. He didn't give us anything.

By the way, we have more than 1,500,000 accounts on Bitsler.

Cheers,


EDIT: These username/password combinations are not leaked, they are stolen. Only a player knows the password of his/her account and no one else (including staff, because all passwords are encrypted), unless these scam scripts/sites that steal a player's information are being used; then the list will keep on growing.

Bitsler will be releasing a planned update soon that will add more security features and options for players to better protect themselves, but in the end it is up to the user to secure his/her account with the tools provided. It is advised that all players update their passwords, use 2FA if able, and not use random scripts from strangers or websites guaranteeing "100% winning results" because they are lies used to attract people that are new to gambling.
brand new
Activity: 0
Merit: 0
I think the breach was from Bitsler.com . The admin doesn't want to reveal, but there are some account leaks happening from Bitsler website. Over 17k accounts plain text had been leaked here and another places.

I think this is very dangerous for the Bitcoin community, and bitsler admin should take some action! Many bitsler users are claiming they got their account hacked and I had my bitsler accounts stolen too.
hero member
Activity: 560
Merit: 500
You can use the IP to verify if those accounts were opened from the IP the user most often uses to sign in. Otherwise send a confirmation msg to the user's email so that they can open the account from the link sent to their email, or lock that account and post a notification on your site that any user whose account is locked can contact you or support to get it unlocked with some details like the email or BTC address he often withdraws to.
legendary
Activity: 2282
Merit: 1023
Any further information re the source of these failed login attempts? Perhaps an email confirmation before withdrawal will help? or maybe withdrawal only allowed for logins using ip addresses from the same country/region?
legendary
Activity: 1862
Merit: 1004
Thanks for letting us know. You could always be silent about this issue and avoid potential PR problems.

If SafeDice wasn't compromised by any form of attack, then do you have any suspicion or theory which other casino/dice service was breached?
Was there any reports from users who complained that their online balance was stolen recently or they noted other suspicious activity?
sr. member
Activity: 422
Merit: 250
SafeDICE.com
=== disclaimer before I go into detail : this case has nothing to do with Safedice ===

As a dice site owner (SAFEDICE.COM), recently I noticed in my log that there were many failed sign-in attempts (thousands of them). Those failed attempts were using a username that does not exist in our database. However, there were also many correct attempts, probably around 20% of them.

This is not a brute force attack, since each trial uses a different combination of username and password. Not to mention that a brute force attack will be rejected by our server. The attacker seems to have a list of usernames and passwords; this makes it difficult for me to differentiate between an attack and a normal login. I have a strong suspicion that the list was acquired from another bitcoin site.

To all of you concerned with the safety of your account, whether it's on SafeDice or another site, please always use 2FA and a different password for each site.

I have just created a tool for SafeDice users to check if there was a suspicious login attempt on their account. You can type /amisafe in the chat room, and the server will reply to you with the result. For those of you who just want to check your username, you can just sign up and check immediately.

Again I strongly encourage everyone in the bitcoin community to use 2FA whenever possible, and if any other bitcoin site owner has information about this, please share it.
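
The login pattern described in the post above (many usernames tried once each, a large share of them unknown to the site, as opposed to many passwords against one username) can be separated from brute force and normal logins as sketched below. This is an added example, not SafeDice's code: the event format, the `source` grouping key, the thresholds and this `amisafe` function are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (source, username, outcome).
# "source" (an IP or session identifier) is an assumption; the post does
# not say how its attempts were grouped.
EVENTS = [
    ("src-A", "alice", "ok"), ("src-A", "alice", "ok"),
    ("src-B", "bob", "bad_password"), ("src-B", "bob", "bad_password"),
    ("src-B", "bob", "bad_password"), ("src-B", "bob", "bad_password"),
    ("src-C", "ghost1", "unknown_user"), ("src-C", "ghost2", "unknown_user"),
    ("src-C", "carol", "ok"), ("src-C", "ghost3", "unknown_user"),
    ("src-C", "dave", "bad_password"), ("src-C", "ghost4", "unknown_user"),
]

def classify_sources(events, min_users=5, min_unknown_ratio=0.5, max_tries=2):
    """Label each source 'stuffing', 'brute_force' or 'normal'."""
    per_source = defaultdict(lambda: defaultdict(list))
    for source, user, outcome in events:
        per_source[source][user].append(outcome)
    labels = {}
    for source, users in per_source.items():
        attempts = sum(len(o) for o in users.values())
        unknown = sum(o.count("unknown_user") for o in users.values())
        most_tries = max(len(o) for o in users.values())
        most_fails = max(sum(x != "ok" for x in o) for o in users.values())
        # Stuffing: many distinct usernames, few tries each, mostly unknown.
        if (len(users) >= min_users and most_tries <= max_tries
                and unknown / attempts >= min_unknown_ratio):
            labels[source] = "stuffing"
        # Brute force: repeated failures against a single username.
        elif most_fails > max_tries:
            labels[source] = "brute_force"
        else:
            labels[source] = "normal"
    return labels

def amisafe(username, events, labels):
    """Outcomes recorded for `username` from sources labelled as stuffing."""
    return [o for s, u, o in events
            if u == username and labels.get(s) == "stuffing"]

LABELS = classify_sources(EVENTS)
```

An `"ok"` in the list returned by `amisafe` means a flagged source logged in with the correct password, which is the case where the account's password should be reset and withdrawals held.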