Topic: Influx of Hacked Accounts - page 3. (Read 3671 times)

qwk
donator
Activity: 3542
Merit: 3413
Shitcoin Minimalist
May 25, 2015, 05:12:40 PM
#25
sr. member
Activity: 266
Merit: 250
May 25, 2015, 05:02:24 PM
#24
A lot of people use fake emails since no confirmation is needed when you sign up, and what if I lost the password to the email that I signed up with?

They have a week to manually reset and update their email address. It is very irresponsible to set up an account and lose track of your throwaway email credentials. Any other accounts will be lost unless it's a known member who can prove it's them to theymos directly.

This would be a good opportunity to clear off many garbage shill accounts as well as they are more likely using fake email accounts.

It's not the end of the world if a few old anonymous accounts get frozen either, and it is a much better alternative than a bunch of compromised accounts starting to scam people.
It's not a matter of having throwaway emails, it's a matter of not having made an email at all, just putting something where you should put your email address.
The hacked accounts make it pretty clear that either the passwords weren't salted,

What hacked accounts?
sr. member
Activity: 266
Merit: 250
May 25, 2015, 04:52:30 PM
#23
What needs to happen for security is any accounts that do not have their password reset manually within a week should have their passwords revoked and automatically reset where they can only be recovered with an email being sent with a recovery link to the address on file.
A lot of people use fake emails since no confirmation is needed when you sign up, and what if I lost the password to the email that I signed up with?
sr. member
Activity: 266
Merit: 250
May 25, 2015, 04:38:46 PM
#22
I've already seen several suspicious accounts which I've noted down mentally.
The thing is, many old users left bitcointalk for a long time but they received an email saying they need to change their passwords, therefore an influx of old users will come back.
staff
Activity: 3290
Merit: 4114
May 25, 2015, 03:47:18 PM
#21
At least right now, people's senses are heightened and they will be more alert to anything suspicious. I'm more worried for when nothing major has happened and people forget about security protocol and send their Bitcoin without seeking the verification that they would right now.

Which happens all the time. I've escrowed a few people, and they all seem to just want to get the trade done as quickly as possible, bar a few.

At least at this present moment in time, users have more than likely upgraded their passwords. There probably isn't too much to worry about for the majority. The hacker only had a few minutes, so was probably unlikely to get the whole dump. However, it should be treated as though he has obtained every bit of information.
legendary
Activity: 1862
Merit: 1004
May 25, 2015, 03:44:07 PM
#20
There shouldn't be a problem with using escrows and the like, they can sign an address they've used previously. Or verify with PGP. To be honest, before any escrow trade goes through, regardless of the suspicion that the account could be hacked or not, verifying they are who they say they are should always be done prior to the trade.

And, if you want to verify any other member, I'm sure sending them a message requesting a signature with a valid reason wouldn't be a problem for most users.
That's the idea, you should always stay alert. Knowing that a lot of accounts could be compromised right now you should stay extra vigilant. If you notice that someone is trying to take out a loan or sell something without escrow or collateral just don't fall for it.
legendary
Activity: 1778
Merit: 1043
#Free market
May 25, 2015, 03:43:21 PM
#19
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

Yeah I've seen some old accounts just started posting again today after years of not being used.

Which ones? Maybe a list should be compiled, though what Quickseller said in another thread will also be relevant that many older inactive members will be likely to return to change their passwords by the email they received from theymos.


Exactly, it could be a possibility but we should always stay on alert... Why should an old member make a trade after his return here in the forum? This is the suspicious thing. Like someone said here in this thread, always ask for a signed message from a bitcoin address and PGP key.
sr. member
Activity: 322
Merit: 250
May 25, 2015, 03:40:30 PM
#18
How long would it take for the hacker(s) to get a password from the password hash and salt they stole?

How many accounts could they hack in a given period of time?

There must be a limit on the number of accounts they can access, so I assume they will go for the most useful looking ones and ignore low ranks.

It would take them a few hours to hack all the users with weak passwords. And a few days for users with medium difficulty passwords. See on the table.


There would be no limit to them, because they already downloaded the database. They can test it on their PC offline.
global moderator
Activity: 3934
Merit: 2676
May 25, 2015, 03:36:28 PM
#17
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

Yeah I've seen some old accounts just started posting again today after years of not being used.

Which ones? Maybe a list should be compiled, though what Quickseller said in another thread will also be relevant that many older inactive members will be likely to return to change their passwords by the email they received from theymos.
sr. member
Activity: 322
Merit: 250
May 25, 2015, 03:35:31 PM
#16
I have seen people claiming that their BCT and email accounts are hacked (their passwords were reset). Now it's getting difficult to even trust the old trusted members. Trading will be more difficult if any escrow's account was hacked.

It is not that hard, the users can still sign using their known bitcoin address to prove their identity.

That's not the issue but now there might be many users who will claim their accounts as being hacked. Theymos will be having a tough time to recover these accounts and if these users have used their email accounts or bitcoin accounts with the same password, then chances of recovering their account are almost nil.

Theymos will not be recovering those accounts that cannot sign using their bitcoin address. Even if they can sign, very few accounts will be restored as this is not theymos' priority.
sr. member
Activity: 296
Merit: 250
May 25, 2015, 03:34:07 PM
#15
How long would it take for the hacker(s) to get a password from the password hash and salt they stole?

How many accounts could they hack in a given period of time?

There must be a limit on the number of accounts they can access, so I assume they will go for the most useful looking ones and ignore low ranks.
staff
Activity: 3290
Merit: 4114
May 25, 2015, 03:27:24 PM
#14
There shouldn't be a problem with using escrows and the like, they can sign an address they've used previously. Or verify with PGP. To be honest, before any escrow trade goes through, regardless of the suspicion that the account could be hacked or not, verifying they are who they say they are should always be done prior to the trade.

And, if you want to verify any other member, I'm sure sending them a message requesting a signature with a valid reason wouldn't be a problem for most users.
legendary
Activity: 1456
Merit: 1000
May 25, 2015, 03:13:23 PM
#13
I would agree this could become an issue. When dealing with someone for a while after this it might be worth looking if there is a big gap in posting dates.

I don't know where this will lead. So many different and a little scary options. Will whoever use the accounts? Sell information for money? Send emails crafted to load malware to account specific emails? Go after IP address of miners looking for weakness? I hope we see nothing out of it and just are more cautious. But I have no idea what this will all lead to.
legendary
Activity: 2632
Merit: 1094
May 25, 2015, 03:04:46 PM
#12
I have seen people claiming that their BCT and email accounts are hacked (their passwords were reset). Now it's getting difficult to even trust the old trusted members. Trading will be more difficult if any escrow's account was hacked.

It is not that hard, the users can still sign using their known bitcoin address to prove their identity.

That's not the issue but now there might be many users who will claim their accounts as being hacked. Theymos will be having a tough time to recover these accounts and if these users have used their email accounts or bitcoin accounts with the same password, then chances of recovering their account are almost nil.
legendary
Activity: 1414
Merit: 1077
May 25, 2015, 02:51:57 PM
#11
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

Yeah I've seen some old accounts just started posting again today after years of not being used.
sr. member
Activity: 322
Merit: 250
May 25, 2015, 02:49:29 PM
#10
I have seen people claiming that their BCT and email accounts are hacked (their passwords were reset). Now it's getting difficult to even trust the old trusted members. Trading will be more difficult if any escrow's account was hacked.

It is not that hard, the users can still sign using their known bitcoin address to prove their identity.
legendary
Activity: 2632
Merit: 1094
May 25, 2015, 02:42:48 PM
#9
I have seen people claiming that their BCT and email accounts are hacked (their passwords were reset). Now it's getting difficult to even trust the old trusted members. Trading will be more difficult if any escrow's account was hacked.
hero member
Activity: 1064
Merit: 505
May 25, 2015, 02:34:23 PM
#8
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

Agreed, also be especially careful trading with people. Even if no one gets hacked, I foresee some people scamming, and then trying to claim they were hacked to waive their liability.

The thing is, how can we actually mitigate that risk? Say someone is trading with me, how can they be sure that a) I'm not hacked and b) the escrow we're using isn't hacked. Especially as the escrows will be the primary targets.

The normal. Signed message via Bitcoin address or PGP.

Some people can't provide that. Lock all accounts until their passwords are changed? Or maybe lock high rank accounts only until the password is changed, or only allow to unlock those accounts if proof of ownership is provided?
copper member
Activity: 2926
Merit: 2348
May 25, 2015, 02:33:34 PM
#7
I have a feeling we will be seeing a lot of hacked accounts in the near future (abandoned but high ranked accounts for example). Stay alert guys!

Agreed, also be especially careful trading with people. Even if no one gets hacked, I foresee some people scamming, and then trying to claim they were hacked to waive their liability.

The thing is, how can we actually mitigate that risk? Say someone is trading with me, how can they be sure that a) I'm not hacked and b) the escrow we're using isn't hacked. Especially as the escrows will be the primary targets.

The normal. Signed message via Bitcoin address or PGP.
This.

It is always a good idea to take this precaution, however now it is even more important to verify this.
staff
Activity: 3290
Merit: 4114
May 25, 2015, 02:32:28 PM
#6
The thing is, how can we actually mitigate that risk? Say someone is trading with me, how can they be sure that a) I'm not hacked and b) the escrow we're using isn't hacked. Especially as the escrows will be the primary targets.

The normal. Signed message via Bitcoin address or PGP.