
Topic: Localbitcoins: Account has multiple failed logins from unknown IPs (Read 350 times)

member
Activity: 891
Merit: 43
Random coins :)
With all those attempts someone determined might be trying to brute force themselves into your account, but with 2FA enabled you have a high chance of your account not being compromised.
Just don't fall for the cheap tricks to give out codes when asked as this could be giving up access to your email and then your LBC account.
legendary
Activity: 2702
Merit: 2645
Farewell LEO: o_e_l_e_o

 Kiss
Sorry if it looked a bit bitchy. I didn't really feel like writing a one-liner pointing that out. Perhaps you were just stating your point... I guess that was what you were doing.

Anyway... as malevolent stated, quickseller's point doesn't really make much sense either considering you can try to login on anyone's LBC account using just their username. (Although it would be applicable for pretty much any other site but LBC, I agree.)
We are even, brother. Let's move on. I was indeed responding to QS in that post.
hero member
Activity: 2310
Merit: 757
Bitcoin = Financial freedom
which made me worried when I saw the failed logins, but now I didn't see any, so the problem is with the passwords of the LBC database, I guess!
Nah. It just simply means that whoever was trying to login on your account (using your LBC username) stopped doing so. It has nothing to do with LBC or their password DB..
So it must be a coincidence that I never got a failed login attempt since I changed my password?

Anyway, 2FA and login guard saved my bitcoins if someone tried to hack it.
legendary
Activity: 1946
Merit: 1427
which made me worried when I saw the failed logins, but now I didn't see any, so the problem is with the passwords of the LBC database, I guess!
Nah. It just simply means that whoever was trying to login on your account (using your LBC username) stopped doing so. It has nothing to do with LBC or their password DB..
hero member
Activity: 2310
Merit: 757
Bitcoin = Financial freedom
Today I checked my IP log since I registered on Localbitcoin and I was shocked that the failed login attempts were happening from time to time, but I didn't really notice that since I never left any funds on LBC before. Now I am doing day trading on LBC, so I have a few bitcoins there, which made me worried when I saw the failed logins, but now I didn't see any, so the problem is with the passwords of the LBC database, I guess!
legendary
Activity: 1946
Merit: 1427
I would appreciate a few words instead of just quoting the posts. It seems you are trying to say that I did not read the answers and left a generic response. Is that it, what you meant?

And your point?
I was responding to Quickseller not the OP.
I would appreciate a few words instead of just quoting the posts. It seems you are trying to say that I did not read the answers and left a generic response. Is that it, what you meant?

You speculated that OP (almightyruler) is reusing login credentials, when he wrote two posts above yours that he uses a unique email address and a unique password on every site.

And it's a moot point anyway with how LBC allows logins via usernames which are public, and this is why OP is seeing failed logins from strangers trying to access his account.

 Kiss
Sorry if it looked a bit bitchy. I didn't really feel like writing a one-liner pointing that out. Perhaps you were just stating your point... I guess that was what you were doing.

Anyway... as malevolent stated, quickseller's point doesn't really make much sense either considering you can try to login on anyone's LBC account using just their username. (Although it would be applicable for pretty much any other site but LBC, I agree.)
legendary
Activity: 3472
Merit: 1721
And your point?
I was responding to Quickseller not the OP.
I would appreciate a few words instead of just quoting the posts. It seems you are trying to say that I did not read the answers and left a generic response. Is that it, what you meant?

You speculated that OP (almightyruler) is reusing login credentials, when he wrote two posts above yours that he uses a unique email address and a unique password on every site.

And it's a moot point anyway with how LBC allows logins via usernames which are public, and this is why OP is seeing failed logins from strangers trying to access his account.
legendary
Activity: 2702
Merit: 2645
Farewell LEO: o_e_l_e_o
I think the OP likely had an account with the same email address on another bitcoin exchange or service that has its database hacked/leaked. I think someone is trying permutations of the OP's hacked password on another site.
It's very possible. Most of the time internet users use the same login credentials on different sites and it results in hacking. You cannot just trust that all the sites are storing encrypted passwords and that the admins are honest.

I usually use very unique passwords for every single site.

I think the OP likely had an account with the same email address on another bitcoin exchange or service that has its database hacked/leaked. I think someone is trying permutations of the OP's hacked password on another site.

The OP should make sure his password is entirely unique, and not a permutation of his password elsewhere.

I use unique passwords and unique email addresses for each different site.

If it wasn't for LBC allowing login via username (which shows publicly on the feedback page), my account wouldn't be probed at all.

And your point?
I was responding to Quickseller not the OP.
I would appreciate a few words instead of just quoting the posts. It seems you are trying to say that I did not read the answers and left a generic response. Is that it, what you meant?
legendary
Activity: 1946
Merit: 1427
I think the OP likely had an account with the same email address on another bitcoin exchange or service that has its database hacked/leaked. I think someone is trying permutations of the OP's hacked password on another site.
It's very possible. Most of the time internet users use the same login credentials on different sites and it results in hacking. You cannot just trust that all the sites are storing encrypted passwords and that the admins are honest.

I usually use very unique passwords for every single site.

I think the OP likely had an account with the same email address on another bitcoin exchange or service that has its database hacked/leaked. I think someone is trying permutations of the OP's hacked password on another site.

The OP should make sure his password is entirely unique, and not a permutation of his password elsewhere.

I use unique passwords and unique email addresses for each different site.

If it wasn't for LBC allowing login via username (which shows publicly on the feedback page), my account wouldn't be probed at all.
legendary
Activity: 2702
Merit: 2645
Farewell LEO: o_e_l_e_o
I think the OP likely had an account with the same email address on another bitcoin exchange or service that has its database hacked/leaked. I think someone is trying permutations of the OP's hacked password on another site.
It's very possible. Most of the time internet users use the same login credentials on different sites and it results in hacking. You cannot just trust that all the sites are storing encrypted passwords and that the admins are honest.

I usually use very unique passwords for every single site.
hero member
Activity: 2310
Merit: 757
Bitcoin = Financial freedom
I think the OP likely had an account with the same email address on another bitcoin exchange or service that has its database hacked/leaked. I think someone is trying permutations of the OP's hacked password on another site.

The OP should make sure his password is entirely unique, and not a permutation of his password elsewhere.

I use unique passwords and unique email addresses for each different site.

If it wasn't for LBC allowing login via username (which shows publicly on the feedback page), my account wouldn't be probed at all.
That is why they can't login to your account, maybe.

Do you still use the same password?

Please change it if yes, then update if you are getting the same failed logins warning!
legendary
Activity: 2268
Merit: 1092
I think the OP likely had an account with the same email address on another bitcoin exchange or service that has its database hacked/leaked. I think someone is trying permutations of the OP's hacked password on another site.

The OP should make sure his password is entirely unique, and not a permutation of his password elsewhere.

I use unique passwords and unique email addresses for each different site.

If it wasn't for LBC allowing login via username (which shows publicly on the feedback page), my account wouldn't be probed at all.
copper member
Activity: 2870
Merit: 2298
It's a failed login attempt, so do not worry much about it.
Anyone can use your username and try to login with a random password, or even if they know the password (worst case) but your 2FA is not known to them, then they cannot login to your account, but for that attempt it will keep a log, which is what you are seeing in this case.

You will be worried if you see any successful login attempt.
I think the OP likely had an account with the same email address on another bitcoin exchange or service that has its database hacked/leaked. I think someone is trying permutations of the OP's hacked password on another site.

The OP should make sure his password is entirely unique, and not a permutation of his password elsewhere.
hero member
Activity: 2310
Merit: 757
Bitcoin = Financial freedom
"When the login guard triggers, it sends an email with the verification link"

I checked back over my emails, and I have received no warnings about failed logins or new devices. I only found out about them today; when I logged in the site warned me that there had been 12 failed login attempts.
Login guard triggers only after the correct login credentials were entered; in case you have 2FA, the login guard works after the successful entry of the 2FA code, so I believe even if the hacker got your password he still needs 2FA codes to enter, which is why you didn't get any warning link.

But since I changed the password I never get the failed login, which means someone hacked the password database of LBC?
legendary
Activity: 2800
Merit: 3443
Strange, because I've also got an account over +20BTC, and an email which is public to those on LBC (on my trades listed actually), and never got probed like that. Are you using your account anywhere else? Because if you are, you should start checking out all of those accounts and see if any are compromised. I'm guessing your email was bought, with a suggested password, and it could have worked somewhere, so the guy is now trying to see if it works elsewhere.

Happens every couple of weeks with another email of mine but on FB. I used a random name I thought was nonsense, only to find out a few years ago it means something very common in another language (so all the login attempts come from that country!).
legendary
Activity: 2268
Merit: 1092
"When the login guard triggers, it sends an email with the verification link"

I checked back over my emails, and I have received no warnings about failed logins or new devices. I only found out about them today; when I logged in the site warned me that there had been 12 failed login attempts.
hero member
Activity: 2310
Merit: 757
Bitcoin = Financial freedom
Anyone else seeing this sort of activity in their LBC account?
Yes, I faced the same issue a few days back and immediately contacted LBC support, then this is what I got from them as a response.
Code:
Hi xxxxx,

Thank you for contacting us.

The login Guard triggers whenever a login attempt is done from an unauthorized browser ( a browser that has not been used to log into the account before ).

When the login guard triggers, it sends an email with the verification link, this link should be opened in that same unauthorized browser in order to verify it.

If you receive the Login Guard and you have not made any attempt to access your account from a new browser, that means that someone has managed to figure out your password and trying to access your account from a different browser.

To address this issue, do not open the link in the email sent to you, instead, you need to:

1. Log into your account normally from an authorized browser.
2. Check your Login history to make sure that someone has tried to access your account from the following link. https://localbitcoins.com/accounts/profile-edit/personal-data/ (you can see the IP address for each login attempt, if you notice a different IP address used only once or twice, thats the login attempt).
3. Go to your account setting and update your password from the following link: https://localbitcoins.com/password_change/

Once you update your password, your account will be safe again, You can learn more about some good security practices from our security guide https://localbitcoins.com/guides/security


Let us know if you have any further questions.

---
Best regards,
LocalBitcoins


In response to:

I am getting these kind of failed login attempt warning in the recent days,so I am afraid of the account security now.

Can I get the failed login ip details to know where my account tried to login?

And I did change my password; after that I never got the failed login attempts, so act fast before something happens. Also, 2FA saved my funds, which I have had enabled for a very long time.
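The login-history check in step 2 of the support reply above can be done mechanically once the history is exported. This is an added example, not part of the original post or LocalBitcoins' own code; the record layout, the `review_history` function and the sample entries are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample login history: (timestamp, source IP, outcome).
# The addresses are documentation ranges, not data from the thread.
HISTORY = [
    ("2019-05-01T08:02", "198.51.100.7", "success"),
    ("2019-05-02T21:40", "203.0.113.45", "failed"),
    ("2019-05-03T08:05", "198.51.100.7", "success"),
    ("2019-05-03T23:11", "192.0.2.99", "failed"),
    ("2019-05-04T02:30", "203.0.113.45", "failed"),
    ("2019-05-05T08:01", "198.51.100.7", "success"),
    ("2019-05-06T03:17", "192.0.2.150", "success"),
]

def review_history(history, own_ips, rare_threshold=2):
    """Separate username probing from entries that need immediate action.

    own_ips: addresses the account owner recognises as their own.
    rare_threshold: an unknown IP seen this many times or fewer matches the
    "used only once or twice" pattern from the support reply.
    """
    seen = Counter(ip for _, ip, _ in history)
    failed = Counter()
    urgent = []
    for when, ip, outcome in history:
        if ip in own_ips:
            continue  # the owner's own logins are not interesting here
        if outcome == "success":
            # A successful login from an unrecognised address means the
            # password (and any second factor) was accepted.
            urgent.append((when, ip))
        else:
            failed[ip] += 1
    rare = sorted(ip for ip in failed if seen[ip] <= rare_threshold)
    return {"failed_by_ip": dict(failed), "rare_ips": rare, "urgent": urgent}

REPORT = review_history(HISTORY, own_ips={"198.51.100.7"})

if __name__ == "__main__":
    print("failed attempts per unknown IP:", REPORT["failed_by_ip"])
    print("IPs seen only once or twice:", REPORT["rare_ips"])
    print("successful logins from unknown IPs:", REPORT["urgent"])
```

Failed entries from unknown addresses are the probing that public usernames invite; anything in `urgent` is the case that calls for a password change and a 2FA reset.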
legendary
Activity: 2758
Merit: 6830
Nope, if you're logged in, all you need to do is load the 2FA management URL, and the secret is presented to you without any challenge whatsoever.

I've just grabbed my phone to confirm that the value shown on the screen is all you need to enter into Google Authenticator in order to clone 2FA. I now have two different "accounts" on Google Auth (one QR at setup, one entered text from 2FA management URL) showing the exact same 6 digit signature.
Maybe we should suggest them to change this?

https://localbitcoins.com/support/request/#other
legendary
Activity: 2268
Merit: 1092
I see. I thought you needed to input the 2FA generated code before seeing the secret code again (for cases where you didn't save it and used an app that doesn't let you export them, like Google Authenticator).

Nope, if you're logged in, all you need to do is load the 2FA management URL, and the secret is presented to you without any challenge whatsoever.

I've just grabbed my phone to confirm that the value shown on the screen is all you need to enter into Google Authenticator in order to clone 2FA. I now have two different "accounts" on Google Auth (one QR at setup, one entered text from 2FA management URL) showing the exact same 6 digit signature.
legendary
Activity: 2758
Merit: 6830
They shouldn't be showing the code after 2FA has already been enabled. It's being displayed for an unnecessary 24 hours and a lot can happen within that time frame, and they're making it slightly and needlessly easier for bad hombres to hijack accounts.
"In order to reduce security on your account, you will need to prove you have the secret."

"By the way, the secret is XYZ."
I see. I thought you needed to input the 2FA generated code before seeing the secret code again (for cases where you didn't save it and used an app that doesn't let you export them, like Google Authenticator).

In this case, I agree it is a pretty dumb idea, even if only for 24 hours.
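Why re-displaying the secret matters, as an added example that is not from the thread or from LocalBitcoins: a TOTP code (RFC 6238) is a pure function of the shared secret and the clock, so any device given the secret produces the same codes. The secret below is the RFC 6238 test key, and `secret_for_display` with its account dictionary is a hypothetical server-side rule, not the site's API.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 test key ("12345678901234567890") in the base32 form an
# authenticator app accepts as typed text. Not a real account secret.
SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, the default in authenticator apps."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def two_enrolments_agree(secret_b32, unix_time):
    """One device enrolled by QR code, one by typing the displayed text."""
    enrolled_by_qr = totp(secret_b32, unix_time)
    enrolled_by_text = totp(secret_b32, unix_time)
    return enrolled_by_qr == enrolled_by_text

def secret_for_display(account):
    """Hypothetical rule: show the secret only while enrolment is pending.

    Once 2FA is confirmed the secret is never rendered again, so a logged-in
    session alone cannot be used to copy the second factor.
    """
    if account["totp_confirmed"]:
        return None
    return account["totp_secret"]

if __name__ == "__main__":
    print("code at t=59:", totp(SECRET_B32, 59))
    print("both enrolments agree:", two_enrolments_agree(SECRET_B32, 59))
    pending = {"totp_secret": SECRET_B32, "totp_confirmed": False}
    active = {"totp_secret": SECRET_B32, "totp_confirmed": True}
    print("shown during setup:", secret_for_display(pending) is not None)
    print("shown after confirmation:", secret_for_display(active) is not None)
```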