jkoil (original)
The Curious Case of Jkoil's Account
So is your gmail account also compromised or not? How was the
hacker able to reset the password through the e-mail on May 4th?
No idea. I guess BTT admins know, which email was used. My bad memory in this case
Now checking the emails of my 'current' account:
there are emails from
- Exchanges
- NEM Forum, NXT Forum (both already old and shutdown),
- and finally some from Bitcoin Forum, but old too, eg. this from 2014
11/20/2014 at 4:07 AM
"You have just been sent a personal message by kodtycoon on Bitcoin Forum.
IMPORTANT: Remember, this is just a notification. Please do not reply to this email.
The message they sent you was:
ok thank you. no that shouldnt do any harm.. hope to see you on the podium!
Reply to this Personal Message here: https://bitcointalk.org/index.php?action=pm;sa=send;f=inbox;pmsg=3119542;quote;u=174773
------------------
You are receiving this message because you are a member of the
Bitcoin Forum. If you do not want to receive further messages, you
can change your notification preferences here:
https://bitcointalk.org/index.php?action=profile;sa=notification
https://bitcointalk.org/index.php?action=profile;sa=pmprefs
If you have forgotten your password, you can reset it here:
https://bitcointalk.org/index.php?action=reminder"
Have to admit that there is a chance that I have changed the
email account in
BTT account some years ago (after there was some warnings or something).
And that email account was not so active one for me in other issues. If that is the case I have relied on my BTT account : I will always see the account name in my BTT account and then check that email account every now and then.
I found from my files 2 je*.com email addresses, which I suspect to be the candidate for the "latest email in BTT";
other one has been for (mainly) Youtube and that one's pw does not work anymore. Hacked?
The other one's pw is currently "out of my memory"
My latest posting by "jkoil" was on May 12, 2022.
Is it known that the hack was made on May 4th?
...
Looking back, this user knows how to create passwords....
However, it didn't work for him, or he's not a real user.
I still skip password generators ...
until it is known what has happened here.
I may be guilty for "overlooking"
(looking down) to make strong and safe pw to some "not-money-related" accounts. I have accounts in
quite many sites ... yea, maybe I could use some manager, but anyway I would leave the most valuable pws out of pw manager. Papers etc. with possible "encrypting" are best stores for those ... I
know think.
Yeah, seriously. I remember a time when account recovery was next to impossible if you got hacked, but things seem to have gotten easier in the past few years.
He might be lucky that the hacker didn't change his account email
[or the new owner didn't change it] so he might still be able to reset his password via e-mail. This user-generated recovery does not involve the account recovery team as the account owner only resets the password via a link sent to the e-mail to reset the password. But it will be very difficult if the hacker has changed the account e-mail because the account recovery must involve the recovery team, and the only way to get the account back is to prove it by signing bitcoin message.
Imagine if a user never used a bitcoin address anywhere on this forum or he forgot about the wallet he was using. It will definitely make it even more difficult to get his account back
[perhaps not even anymore] because the recovery team won't trust him as easily as one might think.
If I remember my postings correctly, there is no need to imagine
Edit:
clarif.[moderator's note: consecutive posts merged]