Author

Topic: My account got hacked by an amateur. (Read 591 times)

legendary
Activity: 910
Merit: 1000
★YoBit.Net★ 350+ Coins Exchange & Dice
April 23, 2014, 05:49:40 AM
#7
Did you login at all the day the exploit was released to the public ? I think it was 8th of April..
Does that ring a bell hehe ?

Anyways assuming no one else knew about this until it was released to the public, Theymos said he fixed it within hours... so they could of only gotten your user/pass if you logged in during the window where the exploit was in the wild but before theymos patched it.... if that makes sense.


Someone, I'm sure just testing things out hacked my account and changed my mail. (Didn't change my secret question, which is how I got my account back)
I'm very careful with my password and it is not an easy one to crack, my thoughts are on that the site might have been exposed to the heartbleed openSSL vulnerability and someone could have gotten a list of users and passwords from the server.

legendary
Activity: 910
Merit: 1000
★YoBit.Net★ 350+ Coins Exchange & Dice
April 23, 2014, 05:45:15 AM
#6
I wouldn't call ya paranoid..... what your suggesting is definitely happening Sad

Even sites which only want your email addy, generally to send you a weekly report or secret beeteecee insider trading info you must read nowz!! have been proven to use your email addy to target you in malware/virus emails. Its obvious something not quite legit is going on when you never get said weekly report etc etc, but its to late at that stage.


I am paranoid about people setting up sites just to get user email and password pairs to hack other related sites.
hero member
Activity: 672
Merit: 500
April 22, 2014, 05:18:26 PM
#5
It is best to use a different password for different sites. I use a completely different style of passwords for newly created and doggy sites, especially forums and gambling ones.

I am paranoid about people setting up sites just to get user email and password pairs to hack other related sites.
sr. member
Activity: 434
Merit: 250
April 22, 2014, 05:16:11 PM
#4
xD
I see. In fact I did not see the warning.
Well I hope they patched it already. (they have to recompile apache or nginx with the openSSL update)
otherwise, someone can just start sniffing again and get all the accounts again.

I don't use the same password for everything, I use a composite password made up of 3 words and both alphanumeric and special characters
(not afraid of saying how my password is made, bruteforcing it will take more than a couple of years anyways. )
legendary
Activity: 1274
Merit: 1004
April 22, 2014, 05:12:12 PM
#3
Someone, I'm sure just testing things out hacked my account and changed my mail. (Didn't change my secret question, which is how I got my account back)
I'm very careful with my password and it is not an easy one to crack, my thoughts are on that the site might have been exposed to the heartbleed openSSL vulnerability and someone could have gotten a list of users and passwords from the server.


Did you used same password on other sites?
legendary
Activity: 2212
Merit: 1199
April 22, 2014, 04:55:47 PM
#2
Someone, I'm sure just testing things out hacked my account and changed my mail. (Didn't change my secret question, which is how I got my account back)
I'm very careful with my password and it is not an easy one to crack, my thoughts are on that the site might have been exposed to the heartbleed openSSL vulnerability and someone could have gotten a list of users and passwords from the server.


well maybe this is why :
https://www.dropbox.com/s/7nso75hquwh4p9v/bug.png

They did warned us about this possibility Smiley You should change your password =)
sr. member
Activity: 434
Merit: 250
April 22, 2014, 04:38:54 PM
#1
Someone, I'm sure just testing things out hacked my account and changed my mail. (Didn't change my secret question, which is how I got my account back)
I'm very careful with my password and it is not an easy one to crack, my thoughts are on that the site might have been exposed to the heartbleed openSSL vulnerability and someone could have gotten a list of users and passwords from the server.
Jump to: