Topic: Influx of Hacked Accounts - page 2. (Read 3684 times)

Quote from: Mt.Gox Support on May 25, 2015, 04:50:06 PM

about 80% of accounts here have a fake email address set. People are reluctant to use real email addresses so they can stay anonymous. Only thing people can do is log in and change their password before the hacker can crack it.

Some of those 80% will still have access to the fake/throwaway email accounts, some wont. It takes 5 minutes to setup a spare email account for security / spam and it only needs to be checked 1 a year to make sure it remains active. Anyone that isn't maintaining these accounts in a password manager is irresponsible and deserves to become a newbie again.

no i mean 80% of the emails are invalid, they aren't temporary emails, they are invalid that bounce emails back. Most people just entered [email protected] or similar, the email accounts don't exist. The only authentication the forum has is password/security question, email is no good for us, even satoshi's account has an invalid email.

I thought we knew Satoshi's (since hacked) email? Or are you saying he didn't even use that one on here?

thebigtalk

sr. member

Activity: 350

Merit: 250

Bitcoin and co.

Some tips to avoid being scammed by hacked accounts:
1. Check their activity such as fprum posts. Check the date of the user's last post and see if that user has been active in the past few weeks.. Abandoned accounts will have a long gap on their posts.

Feel free to add anything to help others and newbies.

Mt.Gox Support

vip

Activity: 308

Merit: 250

Quote from: Mt.Gox Support on May 25, 2015, 04:50:06 PM

about 80% of accounts here have a fake email address set. People are reluctant to use real email addresses so they can stay anonymous. Only thing people can do is log in and change their password before the hacker can crack it.

Some of those 80% will still have access to the fake/throwaway email accounts, some wont. It takes 5 minutes to setup a spare email account for security / spam and it only needs to be checked 1 a year to make sure it remains active. Anyone that isn't maintaining these accounts in a password manager is irresponsible and deserves to become a newbie again.

no i mean 80% of the emails are invalid, they aren't temporary emails, they are invalid that bounce emails back. Most people just entered [email protected] or similar, the email accounts don't exist. The only authentication the forum has is password/security question, email is no good for us, even satoshi's account has an invalid email though that is likely on purpose.

Mt.Gox Support

vip

Activity: 308

Merit: 250

Protect all which accounts? The ones posting here now? Or the accounts on the db dumps? Those probably changed hands a few times by now.

If Theymos changes all passwords and drops the security question table and prompts the users to reset via email on file the only vulnerable accounts will be those that have the same password /security question for their email as here and fail to respond timely.

about 80% of accounts here have a fake email address set. People are reluctant to use real email addresses so they can stay anonymous. Only thing people can do is log in and change their password before a hacker can crack it.

Mt.Gox Support

vip

Activity: 308

Merit: 250

Quote from: tarsua on May 25, 2015, 04:35:45 PM

>Yeah I've seen some old accounts just started posting again today after years of not being used Sad.

How is this going to change above? The hacked accounts make it pretty clear that either the passwords weren't salted, or the hackers managed to do much more than garb a db of password hashes & emails. Theymos did say he was rooted :

You cannot assume Theymos is lying and the database wasn't salted. We don't know if the security question was encrypted and salted as well.

I'm assuming nothing. Merely laying out the possibilities, so that they could be eliminated, one by one. In other words, theymos is not lying, the passwords were salted, which leaves only one plausible explanation for shitloads of VIP accounts flooding online: The hackers got a lot more than password hashes & emails.

Quote

Any old accounts compromised likely used easy passwords or easy security questions.

VIP accounts in a forum that's all about privicy, security & crypto? You sure?

Quote

Forcing a password reset where the recovery must happen through email will protect all those accounts unless the user were ignorant enough to use the same password for their email account as here.

Protect all which accounts? The ones posting here now? Or the accounts on the db dumps? Those probably changed hands a few times by now.

You can still crack salted passwords you know.... you just can't use a rainbow table to speed up the process.

qwk

donator

Activity: 3542

Merit: 3413

Shitcoin Minimalist

I reviewed a few of his posts, i wouldn't say his English is "very fluent" and why did you give him negative trust without being sure he is a hacker?

He would have received negative trust for his scams in the past, anyway. And when it comes to the trust system, I'm always in favor of shooting first and asking questions later. Negative trust can be easily revoked, but a successful scammer will not return the money Wink

qwk

donator

Activity: 3542

Merit: 3413

Shitcoin Minimalist

Quote from: Mt.Gox Support on May 25, 2015, 04:32:15 PM

You are next. enjoy.

I'll be back. Cool

tarsua

sr. member

Activity: 266

Merit: 250

Quote from: qwk on May 25, 2015, 04:30:24 PM

Quote from: tarsua on May 25, 2015, 04:19:19 PM

Quote from: qwk on May 25, 2015, 04:30:24 PM

This.
That.
Probably more. Roll Eyes

for the first you are just paranoid that he doesnt have a username and that he hasnt posted in some time, if you look at his post history, a few years ago, most of his posts were in the german section, although he speaks english now, if you look closely, it is obviously not his first language, he probably received the email today and decided that he will come back

About the first: the account was originally in possession of a German, who started a service that soon turned into (possibly) the second largest ponzi here at bitcointalk. He claimed to have sold the account to another German, who then claimed to have sold to a Russian. Nobody knows if the original account ever changed owners in the first place. But today, the account came back with a very fluent English speaker, potentially with a Dutch origin. Paranoid I may be, but that does not mean that I'm wrong Wink

I reviewed a few of his posts, i wouldn't say his English is "very fluent" and why did you give him negative trust without being sure he is a hacker?

Mt.Gox Support

vip

Activity: 308

Merit: 250

Quote from: tarsua on May 25, 2015, 04:19:19 PM

Quote from: tarsua on May 25, 2015, 04:19:19 PM

This.
That.
Probably more. Roll Eyes

for the first you are just paranoid that he doesnt have a username and that he hasnt posted in some time, if you look at his post history, a few years ago, most of his posts were in the german section, although he speaks english now, if you look closely, it is obviously not his first language, he probably received the email today and decided that he will come back

About the first: the account was originally in possession of a German, who started a service that soon turned into (possibly) the second largest ponzi here at bitcointalk. He claimed to have sold the account to another German, who then claimed to have sold to a Russian. Nobody knows if the original account ever changed owners in the first place. But today, the account came back with a very fluent English speaker, potentially with a Dutch origin. Paranoid I may be, but that does not mean that I'm wrong Wink

You are next. enjoy.

qwk

donator

Activity: 3542

Merit: 3413

Shitcoin Minimalist

Quote from: qwk on May 25, 2015, 04:21:00 PM

This.
That.
Probably more. Roll Eyes

for the first you are just paranoid that he doesnt have a username and that he hasnt posted in some time, if you look at his post history, a few years ago, most of his posts were in the german section, although he speaks english now, if you look closely, it is obviously not his first language, he probably received the email today and decided that he will come back

About the first: the account was originally in possession of a German, who started a service that soon turned into (possibly) the second largest ponzi here at bitcointalk. He claimed to have sold the account to another German, who then claimed to have sold to a Russian. Nobody knows if the original account ever changed owners in the first place. But today, the account came back with a very fluent English speaker, potentially with a Dutch origin. Paranoid I may be, but that does not mean that I'm wrong Wink

Mt.Gox Support

vip

Activity: 308

Merit: 250

Quote from: Quickseller on May 25, 2015, 04:16:47 PM

It seems that the primary target (at least so far) of hacked accounts has been VIP accounts.

IDK. They just happen to be the ones I keep an extra eye on.
Theymos mentioned that weak passwords would require dedicated brute force to be hacked.
I guess that's what the attacker is doing. Obviously going for the most valuable accounts first.

The attacker is sleeping right now. he has no idea the shitstorm he is going to wake up to.

Mt.Gox Support

vip

Activity: 308

Merit: 250

Fond memories:
https://www.youtube.com/watch?v=LKrOHAfMdxI

qwk

donator

Activity: 3542

Merit: 3413

Shitcoin Minimalist

Quote from: Quickseller on May 25, 2015, 04:16:47 PM

It seems that the primary target (at least so far) of hacked accounts has been VIP accounts.

IDK. They just happen to be the ones I keep an extra eye on.
Theymos mentioned that weak passwords would require dedicated brute force to be hacked.
I guess that's what the attacker is doing. Obviously going for the most valuable accounts first.

Mt.Gox Support

vip

Activity: 308

Merit: 250

Quote from: alani123 on May 25, 2015, 04:18:24 PM

I wonder why the hackers targeting those high ranked accounts are coming out as such obvious trolls. Perhaps they deemed them not worthy? I wonder if more accounts were hacked and are going to be sold in a stealthy way.

The only people who sell accounts and scam here are kids. If you know some stuff about hacking you wouldn't stick around here for more than occasional trolling. Better targets out there than bitcoiners, and stealing from bitcoiners is a real douchebag move.

tarsua

sr. member

Activity: 266

Merit: 250

>Yeah I've seen some old accounts just started posting again today after years of not being used Sad.

How is this going to change above? The hacked accounts make it pretty clear that either the passwords weren't salted, or the hackers managed to do much more than garb a db of password hashes & emails. Theymos did say he was rooted :

You cannot assume Theymos is lying and the database wasn't salted. We don't know if the security question was encrypted and salted as well.
Any old accounts compromised likely used easy passwords or easy security questions.

Forcing a password reset where the recovery must happen through email will protect all those accounts unless the user were ignorant enough to use the same password for their email account as here.

its not a matter of having throwaway emails, its a matter of not having made an email at all, just putting something where you should put your email address.

Most of those are probably shill accounts... what type of idiot doesn't spend 5 minutes to create an extra throwaway email for security or spam? Any person that doesn't do this and fails to reset in a week deserves to become a newbie again.

I am sure there may be 1-2 anonymous heroes accounts who have to become newbies again. That is a small price to pay for good security.

well its either using a fake non-existent email or using a fake email which u wont remember the credentials for or arrange an hour a week to clear spam out of your email, the first is the obvious winner

Quote from: marcotheminer on May 25, 2015, 01:06:03 PM

What hacked accounts?

This.
That.
Probably more. Roll Eyes

for the first you are just paranoid that he doesnt have a username and that he hasnt posted in some time, if you look at his post history, a few years ago, most of his posts were in the german section, although he speaks english now, if you look closely, it is obviously not his first language, he probably received the email today and decided that he will come back

alani123

legendary

Activity: 2422

Merit: 1451

Leading Crypto Sports Betting & Casino Platform

I wonder why the hackers targeting those high ranked accounts are coming out as such obvious trolls. Perhaps they deemed them not worthy? I wonder if more accounts were hacked and are going to be sold in a stealthy way.

notlist3d

legendary

Activity: 1456

Merit: 1000

I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

Well sadly you appear to be 100 percent right - https://bitcointalksearch.org/topic/m.11449580

It's sad but appears possibly it will turn into a trolling war.

qwk

donator

Activity: 3542

Merit: 3413

Shitcoin Minimalist

Quote from: Mt.Gox Support on May 25, 2015, 04:15:25 PM

Such slander. MtGox has the best security practices ever.

Care to at least share your story of how you came into control of this otherwise absolutely worthless account? Wink

Quickseller

copper member

Activity: 2996

Merit: 2374

What hacked accounts?

This.
That.
Probably more. Roll Eyes

It seems that the primary target (at least so far) of hacked accounts has been VIP accounts.

At first I was going to argue that the MtGox account was not hacked (it still shows a MtGox email address and it's password was reset via email), however it would be possible that he logged into the account, changed the email address, reset the password via email, then changed the email back.

It is not surprising to see a MtGox account having a weak password Cheesy

Mt.Gox Support

vip

Activity: 308

Merit: 250