Topic: MtGox attack from Poland: accounts compromised - page 3. (Read 8368 times)

We have no access to our account at the moment. Someone else must have some access.
Are you claiming this is a false story? I will be providing identification information on this forum once we get some reply from MtGox.
How do you know we're the only compromised account? This happened 2 hours ago.
What are you trying to prove here?

So besides the one-line reply trolls, anyone here who can exchange constructive arguments?

Not taking sides, but how do you expect him to prove they didn't share their account details, were not infected with keyloggers, and don't currently have access to their MtGox account?

Please provide factual information about what is FUD in my message. Trolling is frowned upon on this forum.

Spreading FUD you are.

My message was very detailed.
Attackers in Poland have access to a list of user IDs, this is proved in the message.
Care to elaborate or are you just a troll?

If the polish attacker has successfully accessed our account, we are losing money, lots of it.

Yubikey has been ordered months ago, still hasn't come.

No one is losing money, stop spreading FUD

If you are using MtGox: get a yubikey incase you still don't have one

Please don't hijack or pollute the topic. Some people are losing real money here.
Thanks in advance.

Oh shit, would that means price will drop again?

Hello,

It seems that there is an attack going on right now on MtGox from attackers in Poland. The timing of the attack is well chosen: MtGox support service is off in the week-end, the account holders cannot contact MtGox, thus leaving the attackers free to withdraw any money they want.


THE SITUATION:

We are an MtGox customer. We use it to transfer relatively large amounts of money.
In the last few weeks, MtGox has surprisingly stopped processing withdrawals, some of our withdrawals have been pending for 3 weeks now. These are international wire transfers. For Euro SEPA transfer, MtGox warns that it could take months to have it processed.  MtGox is blaming a "large backlog". It might or might not be true, this is MtGox after all.

Today, we received an email about a password reset.
Of course, we never initiated this password reset. MtGox mentions the IP address of the attacker in the password reset email: 178.42.125.117 . This IP address comes from Poland. It seems that the attackers don't even bother using proxies. This request from a IP in Poland didn't worry MtGox, although we consistently access our MtGox account from the UK, and only the UK.

Now, this wouldn't be that worrying, but the thing is we never gave the user ID of our account to anyone or publicly. The only way for an attacker to initiate this password reset would be to have access to the MtGox database.
Furthermore, MtGox sends the password reset email in CLEAR over the internet.

TO SUM UP:

So we have this situation where:
- MtGox doesn't process withdrawals anymore, so all our money sits on the MtGox account.
- MtGox database has been compromised by attackers, presumably in Poland.
- MtGox sends password reset emails in clear.
- MtGox customer service is off in the weekend.


THE RESULT:

Now, if an attacker got access to the MtGox database (at the very least they've got the list of user IDs, since they've got ours), he can also put a server in the same colocation areas as MtGox servers, sniffing their traffic, thus the password reset emails and validation code.

This is presumably what the attacker did.

At the moment, we have no access to our account (but surely the attacker has), and we have no way to contact MtGox, even sending them an email to urgently freeze our account is impossible, as they don't work in the weekend. Meanwhile, the attacker is surely enjoying his new bitcoins, since the bitcoin withdrawal system works very well, even in the weekend.

If anyone has any idea how to handle this type of issue, I would be very thankful.