Pages:
Author

Topic: Is this a security issue? Massive worker un & pw list found through google ... - page 2. (Read 4076 times)

full member
Activity: 224
Merit: 100
lol! i thought that was my database!
hero member
Activity: 609
Merit: 500
oh holy hell, I hope people didn't use these logins/passwords for their mtgox account.  I'm glad I'm not on the list Wink   But if I we're, the only thing I have on mtgox right now is .0034 btc
full member
Activity: 126
Merit: 100
Just in time, daddy needs a new pair of shoes. 
full member
Activity: 168
Merit: 100
Brad Willman, SSCP, LTCP, MCTS,SCE,BCE

Thank you. Sorry to OP for saying I find this hard to believe. I stand corrected.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
newbie
Activity: 55
Merit: 0
http://50.19.139.134/test.php

I found it by simply doing a google search for my email address. I wonder how many people used a password on there that may be to an actual account somewhere else?


can you please let us know exactly what you google
searched? I'm finding this hard to believe

As I said in the first post if you had looked, I simply googled my email address ...
full member
Activity: 168
Merit: 100
Brad Willman, SSCP, LTCP, MCTS,SCE,BCE
http://50.19.139.134/test.php

I found it by simply doing a google search for my email address. I wonder how many people used a password on there that may be to an actual account somewhere else?


can you please let us know exactly what you google
searched? I'm finding this hard to believe
newbie
Activity: 55
Merit: 0
@OP actually you're the dick for posting the link without any attempt to warn those affected.

Fuck you ... how is it my responsibility to do anything about it? What am I gonna do, email everyone on that list a sweet little message? Get real ... I could have just as well done something nefarious with it but I posted it here in hopes of getting it resolved.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Write a script to just pull the email addresses from the list end send an email to all of them.

Write a script to change all their passwords faster than somebody does what you suggested ...

No, this should go to the email provider's attention don't you think so?
sr. member
Activity: 462
Merit: 250
It's all about the game, and how you play it
Write a script to just pull the email addresses from the list end send an email to all of them.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Ok, the one gmail account I tried out and worked got this message a minute ago:
Your request (#....) has been received, and will be reviewed by our support staff.

Our help desk is experiencing unusually high traffic currently. We regret to inform you that you will experience some delays (currently 48-72 hrs) in us getting back to you.

We sincerely apologize for the inconvenience and are working on all fronts to improve our response times.

To review the status of the request and add additional comments, follow the link below:
http://support.mtgox.com/tickets/....


This means somebody even more evil than the OP and me is already at it. I could have logged into Gox but didn't as from having his main mail account I know the rest is trivial.


HOW TO RING THE BELLS?Huh?
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
@OP actually you're the dick for posting the link without any attempt to warn those affected.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
Ok, I'm a dick. 3rd try of a gmail account worked. I'll try to inform gmail to lock them all but ... hmm ... how to reach all mail hosters?
full member
Activity: 180
Merit: 100
I bet a few of those passwords work on those emails...and that a few more work on their Gox accounts as well...
legendary
Activity: 1358
Merit: 1002
sr. member
Activity: 448
Merit: 250
Yes, well, we're the smart ones apparently.  Not everyone is.   You have a nice list now of email addresses and potential passwords.  You do the maths.

It is kind of terrible...taking a closer look, a LOT of people have complex passwords set for their workers. It makes me want to start trying them on facebook, but I am not enough of a dick.
hero member
Activity: 798
Merit: 1000
Yes, well, we're the smart ones apparently.  Not everyone is.   You have a nice list now of email addresses and potential passwords.  You do the maths.
legendary
Activity: 1260
Merit: 1000
Drunk Posts
Whats the point of having passwords for workers? I'd be glad if someone mined on my account Cheesy

My password for all workers on every pool is bitcoin123 feel free to use it.
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
Looks like there's a lot of SA members there. But no one here would dare to...Surely not...No Way!

Remember: Play nice!

And don't even think about sending Cosby Coins to any of the SA members on the list.
sr. member
Activity: 448
Merit: 250
worker passwords are totally pointless. mine are all default. you guys wanna mine for me? feel free.
Pages:
Jump to: