Author

Topic: Potential Gambling Site Leak (Read 427 times)

legendary
Activity: 1834
Merit: 1008
October 27, 2018, 07:41:24 AM
#23
People should really be using a decent password manager that creates random strong passwords.
Different ones for every site you use. Also, don't just blindly trust 2FA, because there are definitely ways around that (depending on what kind of 2FA the website uses)

I can definitely recommend Keepass, which is an awesome open-source password manager.
https://keepass.info/

2FA with a mobile phone number is insecure and you don't know what they use your phone number for.
Just look at what Facebook did with phone numbers it collected for their 2FA, sold them to advertisers... (source)

This article is pretty interesting, it lists all the pros and cons of different 2FA methods:
https://www.makeuseof.com/tag/pros-cons-2fa-types-methods/

Strong password and 2FA of course needed to make your account secure. But to think that by putting 2FA will make your account insecure, how this thing is possible? Many people already know 2FA and have beend used it for so long and it never has any issue with it and by using keepass it will only give us and extra security towards our account so it is depends on players as well whether they are going to use it or not since not everyone are familiar with coding thing
I never had the experience to use keepass but according to google keepass is "an opensource password manager which can help you to manage all of your passwords" it means that you can use keepass as your database of all of your password so if you haven't memorized the passcode you can use this to keep your password safe but I don't think we still need this because you can make your own password database in your own spreadsheet.
Using any 3rd party software your account can be compromised so I suggest to better memorize the password and use google 2fa is enough to keep your account safe.

Manage all out passwords sounds really good, and it is good for better coding user as well but in the mean time, there are still mant of users that do not understand how to code or familiar with an open source things so I could say, it is better to use 2FA, besides it is not that hard to understand and use either. Scan and done, as simple as that so you do not really need to manage your password that hard
legendary
Activity: 2016
Merit: 1107
October 26, 2018, 06:41:54 AM
#22
People should really be using a decent password manager that creates random strong passwords.
Different ones for every site you use. Also, don't just blindly trust 2FA, because there are definitely ways around that (depending on what kind of 2FA the website uses)

I can definitely recommend Keepass, which is an awesome open-source password manager.
https://keepass.info/

2FA with a mobile phone number is insecure and you don't know what they use your phone number for.
Just look at what Facebook did with phone numbers it collected for their 2FA, sold them to advertisers... (source)

This article is pretty interesting, it lists all the pros and cons of different 2FA methods:
https://www.makeuseof.com/tag/pros-cons-2fa-types-methods/

Strong password and 2FA of course needed to make your account secure. But to think that by putting 2FA will make your account insecure, how this thing is possible? Many people already know 2FA and have beend used it for so long and it never has any issue with it and by using keepass it will only give us and extra security towards our account so it is depends on players as well whether they are going to use it or not since not everyone are familiar with coding thing
I never had the experience to use keepass but according to google keepass is "an opensource password manager which can help you to manage all of your passwords" it means that you can use keepass as your database of all of your password so if you haven't memorized the passcode you can use this to keep your password safe but I don't think we still need this because you can make your own password database in your own spreadsheet.
Using any 3rd party software your account can be compromised so I suggest to better memorize the password and use google 2fa is enough to keep your account safe.

literally every piece of equipment can be compromised
keepass is a nice little tool to keep your passwords, also lastpass falls into this category
it is way better than storing your passwords on a piece of paper or, god forbid, in a text file
spreadsheet passwords sounds like a joke, you think that Google documents are safer than keepass?
in any case , 2fa is a must for sites you store money at , gambling sites or exchanges or wallets
otherwise using a password manager is fine in most cases, try it - you will like it Smiley
legendary
Activity: 1638
Merit: 1046
October 23, 2018, 11:31:02 AM
#21
People should really be using a decent password manager that creates random strong passwords.
Different ones for every site you use. Also, don't just blindly trust 2FA, because there are definitely ways around that (depending on what kind of 2FA the website uses)

I can definitely recommend Keepass, which is an awesome open-source password manager.
https://keepass.info/

2FA with a mobile phone number is insecure and you don't know what they use your phone number for.
Just look at what Facebook did with phone numbers it collected for their 2FA, sold them to advertisers... (source)

This article is pretty interesting, it lists all the pros and cons of different 2FA methods:
https://www.makeuseof.com/tag/pros-cons-2fa-types-methods/

Strong password and 2FA of course needed to make your account secure. But to think that by putting 2FA will make your account insecure, how this thing is possible? Many people already know 2FA and have beend used it for so long and it never has any issue with it and by using keepass it will only give us and extra security towards our account so it is depends on players as well whether they are going to use it or not since not everyone are familiar with coding thing
I never had the experience to use keepass but according to google keepass is "an opensource password manager which can help you to manage all of your passwords" it means that you can use keepass as your database of all of your password so if you haven't memorized the passcode you can use this to keep your password safe but I don't think we still need this because you can make your own password database in your own spreadsheet.
Using any 3rd party software your account can be compromised so I suggest to better memorize the password and use google 2fa is enough to keep your account safe.
legendary
Activity: 1834
Merit: 1008
October 23, 2018, 10:00:48 AM
#20
People should really be using a decent password manager that creates random strong passwords.
Different ones for every site you use. Also, don't just blindly trust 2FA, because there are definitely ways around that (depending on what kind of 2FA the website uses)

I can definitely recommend Keepass, which is an awesome open-source password manager.
https://keepass.info/

2FA with a mobile phone number is insecure and you don't know what they use your phone number for.
Just look at what Facebook did with phone numbers it collected for their 2FA, sold them to advertisers... (source)

This article is pretty interesting, it lists all the pros and cons of different 2FA methods:
https://www.makeuseof.com/tag/pros-cons-2fa-types-methods/

Strong password and 2FA of course needed to make your account secure. But to think that by putting 2FA will make your account insecure, how this thing is possible? Many people already know 2FA and have beend used it for so long and it never has any issue with it and by using keepass it will only give us and extra security towards our account so it is depends on players as well whether they are going to use it or not since not everyone are familiar with coding thing
legendary
Activity: 1792
Merit: 1283
October 22, 2018, 06:47:33 AM
#19
People should really be using a decent password manager that creates random strong passwords.
Different ones for every site you use. Also, don't just blindly trust 2FA, because there are definitely ways around that (depending on what kind of 2FA the website uses)

I can definitely recommend Keepass, which is an awesome open-source password manager.
https://keepass.info/

2FA with a mobile phone number is insecure and you don't know what they use your phone number for.
Just look at what Facebook did with phone numbers it collected for their 2FA, sold them to advertisers... (source)

This article is pretty interesting, it lists all the pros and cons of different 2FA methods:
https://www.makeuseof.com/tag/pros-cons-2fa-types-methods/
hero member
Activity: 2646
Merit: 686
October 22, 2018, 06:29:10 AM
#18
BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.

We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.

As always, BitDice protects your account by verifying unknown logins to help secure your account.

This is sad news and what makes it worst the site has not come clean to it's users which puts their users to more risk. I'll agree with the advice one should use distinct passwords, as we have seen in the past they get one password and they can hurt you a lot financially. It's important to note sites using http or not using ssl is a must avoid these days, also using your password on a public or free wifi is a very bad idea.
legendary
Activity: 3052
Merit: 1188
October 22, 2018, 02:56:42 AM
#17
Considering gambling casinos are also sort of work like wallets (people deposit their money there and sometimes they withdraw but there are times when a gambler just keeps his money in the casino instead of withdrawing all the time) this is actually worse than it looks like. Yeah, someone taking control of your casino account doesn't seem THAT bad when you consider whats the worst thing they can do deposit and gamble ?

But, don't forget they will have your wallet and if you have money in it than they can withdraw it plus they will have your email address and the password for that and if you have password same with any other place they could potentially try that email/password combo in any website, they could literally write a code that says try this email/password combo in all of these websites and let me know if any of them gets inside and it would take 10 seconds to check hundreds of websites.

It is really dangerous and has insane potentially horrible stories. Be really careful about this.
hero member
Activity: 2352
Merit: 905
Metawin.com - Truly the best casino ever
October 21, 2018, 04:28:02 AM
#16
BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.

We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.

As always, BitDice protects your account by verifying unknown logins to help secure your account.
Will publishing be a right idea? What about to warn users with leaked emails on your website? Because they may try to spam emails and you may know social engineering still works, especially in older people.
I think leak comes from famous bitcoin gambling websites, if you contact some of them and randomly send 10 email or even list, we may possibly know who has problems because not only your but other users will be in trouble too.
hero member
Activity: 2926
Merit: 722
DGbet.fun - Crypto Sportsbook
October 20, 2018, 09:39:30 AM
#15
It's a bad sign they must be aware of this leak.

He's merit begging, you might as well leave him a negative. Check his merit history.
Still lucky that his still having no -VE yet its obvious on that merit abuse. Checking Dice-bet giving out merits?

Back into topic, this is why I don't really use up my main email when using up any websites neither gambling sites or other ones because leakage can happen and also
using up different and strong passwords is recommended.We wont able to find out on where those leaks came from.
A strong password is not enough to protect the account I think 2fa and use a unique password for every gambling site is a good idea and Gmail should have an SMS authentication and a different password to protect their email from brute force.

Shouldnt we put that 2fa thing to be a standard security of our accounts? Its easy as 1,2,3 to set it up but people do still fail and they would only realize when its too late.
legendary
Activity: 1638
Merit: 1046
October 20, 2018, 09:22:32 AM
#14
It's a bad sign they must be aware of this leak.

He's merit begging, you might as well leave him a negative. Check his merit history.
Still lucky that his still having no -VE yet its obvious on that merit abuse. Checking Dice-bet giving out merits?

Back into topic, this is why I don't really use up my main email when using up any websites neither gambling sites or other ones because leakage can happen and also
using up different and strong passwords is recommended.We wont able to find out on where those leaks came from.
A strong password is not enough to protect the account I think 2fa and use a unique password for every gambling site is a good idea and Gmail should have an SMS authentication and a different password to protect their email from brute force.
legendary
Activity: 2016
Merit: 1107
October 20, 2018, 09:20:33 AM
#13
BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.

We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.

As always, BitDice protects your account by verifying unknown logins to help secure your account.

this has been happening for quite some time
my email that is used for registration at some secondary exchanges and casinos
has been receiving dozens of failed authorization attempts reports
seems like one of the sites has leaked its database or I managed to register at a semi-rogue exchange/casino
specifically designed to get cryptousers e-mails and then attempting to bruteforce accounts
hero member
Activity: 2926
Merit: 722
DGbet.fun - Crypto Sportsbook
October 20, 2018, 08:03:20 AM
#12
thats bad to hear
maybe implement a 2fa system ?
Did you happen to read the post?

As always, BitDice protects your account by verifying unknown logins to help secure your account.
He's merit begging, you might as well leave him a negative. Check his merit history.
Still lucky that his still having no -VE yet its obvious on that merit abuse. Checking Dice-bet giving out merits?

Back into topic, this is why I don't really use up my main email when using up any websites neither gambling sites or other ones because leakage can happen and also
using up different and strong passwords is recommended.We wont able to find out on where those leaks came from.
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
October 20, 2018, 07:41:44 AM
#11
BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.

We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.

As always, BitDice protects your account by verifying unknown logins to help secure your account.
You might as well want to figure out where these email addresses are coming from and inform their respective website owners? Ofcourse it's hard to figure that out but putting it online maybe help service see if majority of them are used in their databases.

thats bad to hear
maybe implement a 2fa system ?
As usual, merit beggars being blind as fuck.

thats bad to hear
maybe implement a 2fa system ?
Did you happen to read the post?

As always, BitDice protects your account by verifying unknown logins to help secure your account.
He's merit begging, you might as well leave him a negative. Check his merit history.
legendary
Activity: 3696
Merit: 4343
The hacker spirit breaks any spell
October 20, 2018, 07:36:01 AM
#10
thats bad to hear
maybe implement a 2fa system ?

2fa, for example fido network, is really easy to implement
Is ten rows of code

Or can implement another poor method, like time based confirmation
legendary
Activity: 1834
Merit: 1008
October 20, 2018, 07:23:04 AM
#9
thats bad to hear
maybe implement a 2fa system ?
Did you happen to read the post?

As always, BitDice protects your account by verifying unknown logins to help secure your account.
i was talking in general (all gambling websites)

But most of the gambling site now are using 2FA, there is no any single site that do not have 2FA protection. If that site exist, I do not think anyone are bothering to play on their site,because 2FA is the best protection for the current time. If it happens your account get be hacked when you already put the 2FA then there must be something wrong with the account because I have this problem before and the result I got hacked some amount on that site
full member
Activity: 958
Merit: 120
CryptoGames: Revamped Games, Multiple Coins
October 20, 2018, 04:58:58 AM
#8
~..snip..~

i was talking in general (all gambling websites)

All known gambling websites have 2FA option afaik, but A LOT of users are either lazy or simply too stupid to enable extra security on their accounts. And many of them use same passwords for all their online profiles.

ALWAYS enable 2FA on accounts where money is stored/involved.



@OP: Thanks for notifying the community.
member
Activity: 182
Merit: 31
October 20, 2018, 04:16:08 AM
#7
This is scary. In this industry, some wicked operators are actively trying to undermine other operators business interests. That's not a healthy way to compete.

Spend that useful time to build your customer base, improve in your customer support, make your payouts more efficient, etc. Rather than focusing on undermining other people's business
copper member
Activity: 14
Merit: 0
October 19, 2018, 12:41:30 PM
#6
They're probably using the various leaks publicly available.

Check to see if you're affected here:
https://haveibeenpwned.com/
member
Activity: 416
Merit: 27
October 19, 2018, 12:35:57 PM
#5
thats bad to hear
maybe implement a 2fa system ?
Did you happen to read the post?

As always, BitDice protects your account by verifying unknown logins to help secure your account.
i was talking in general (all gambling websites)
copper member
Activity: 2562
Merit: 2510
Spear the bees
October 19, 2018, 12:28:18 PM
#4
thats bad to hear
maybe implement a 2fa system ?
Did you happen to read the post?

As always, BitDice protects your account by verifying unknown logins to help secure your account.
legendary
Activity: 2018
Merit: 1108
October 19, 2018, 12:28:11 PM
#3
thats bad to hear
maybe implement a 2fa system ?

We have 2FA and email confirmation on login. Issue wasn't on our end.
member
Activity: 416
Merit: 27
October 19, 2018, 12:26:57 PM
#2
thats bad to hear
maybe implement a 2fa system ?
hero member
Activity: 776
Merit: 522
October 19, 2018, 12:24:28 PM
#1
BitDice noticed a large spike in bruteforce attempts with a large number of valid email addresses. We suspect that the attacker may have been using a list of leaked credentials from another gambling website due to the large number of valid email addresses. We wanted to inform the public and also advise everyone to always use unique passwords across multiple websites to prevent these types of attacks from being successful.

We may publish a starred email list in the future but we are more concerned that this may have orignated from another gambling site in the community.

As always, BitDice protects your account by verifying unknown logins to help secure your account.
Jump to: