Pages:
Author

Topic: Protect Your Account - page 2. (Read 614 times)

legendary
Activity: 3556
Merit: 9709
#1 VIP Crypto Casino
August 05, 2020, 08:23:22 AM
#27
He was hacked because the hacker sent him a phishing email I believe, he clicked a link & there we go.
Certain people are working behind the scenes, trying to figure out who it was.
full member
Activity: 924
Merit: 221
August 05, 2020, 08:22:42 AM
#26
Good suggestion. First of all, I have used two email addresses for my bitcointalk account. One used for registered and after I changed the email to another address to get notification from the forum. So if in case my bitcointalk account got hack, I will be able to recover my account from registered email and sign address.
Wait? Isn't it that the email you have used for registration and receiving notifications is the same? You cannot use your former email for password recovery if you changed it for a newer one thus, your notifcations and password change request can only be received in the new email address.  Huh
Yeah, I do not get the point also on why it had two email ad on bct. I know that it could be change depending on the preference of the owner to change or not the email being registered in bct but once it change it only allow one email for a certain user to use to recover his account. This is why I got confused. Anyway, whatever he mean to that reply seems like hes mading it up so that without basing anything that could make the statement worth.

legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
August 05, 2020, 07:53:18 AM
#25
**Also posted in Meta but sharing here too. Even if it helps one person it’s worth it**

How exactly was he hacked? Even I myself shows publicly my email address, yet encountered no issues of hacking nor anything so far. Maybe he had entered it in a website where they had data breach, or his password wasn't that kinda strong. There can be alot of prevention that can be done by BitcoinGirl.Club in his ends.


There can be many options, but the fastest way that comes to mind is that a virus has been caught. A virus that steals browser logs. And since most likely the owner had one browser, which he often used, and did not erase cookies after each session, all the logs were transferred to the hacker.
A lot of information can be stored in one log. Starting from location data, and computer processor, and ending with passwords for mails, forums, bank cards. If a keylogger was installed in the system, then everything that the owner of the browser pressed was available to the hacker.
How to avoid such viruses, I think everyone has long understood, do not download anything from the Internet, use antivirus software, and other protections. You also need to erase all your cookies after each session and use different browser profiles for different tasks.
After such a data theft situation, you need to reinstall the operating system. Or reinstall the browser again.

https://www.kaspersky.com/blog/browser-data-theft/27871/
https://www.zdnet.com/article/raccoon-malware-targets-massive-browser-range-to-steal-your-data-and-cryptocurrency/
legendary
Activity: 2184
Merit: 1302
August 05, 2020, 07:17:18 AM
#24
Good suggestion. First of all, I have used two email addresses for my bitcointalk account. One used for registered and after I changed the email to another address to get notification from the forum. So if in case my bitcointalk account got hack, I will be able to recover my account from registered email and sign address.
Wait? Isn't it that the email you have used for registration and receiving notifications is the same? You cannot use your former email for password recovery if you changed it for a newer one thus, your notifcations and password change request can only be received in the new email address.  Huh
That should be it, email used for registration would not count as long as you've changed your forum email address to a new/different one, the forum afaik doesn't use two email options, users only have the option to change the email when they want to; email used for registration becomes useless once changed and you can't reset password or receive any notification through it.
legendary
Activity: 1904
Merit: 1563
August 05, 2020, 06:51:10 AM
#23
Good suggestion. First of all, I have used two email addresses for my bitcointalk account. One used for registered and after I changed the email to another address to get notification from the forum. So if in case my bitcointalk account got hack, I will be able to recover my account from registered email and sign address.
Wait? Isn't it that the email you have used for registration and receiving notifications is the same? You cannot use your former email for password recovery if you changed it for a newer one thus, your notifcations and password change request can only be received in the new email address.  Huh
legendary
Activity: 2184
Merit: 1302
August 05, 2020, 05:17:03 AM
#22
How exactly was he hacked? Even I myself shows publicly my email address, yet encountered no issues of hacking nor anything so far. Maybe he had entered it in a website where they had data breach, or his password wasn't that kinda strong. There can be alot of prevention that can be done by BitcoinGirl.Club in his ends
It is in the op, and was also explained by few users after the op, his account wasn't hacked because of his email was visible to other users, but it seems he uses the same email on the forum for other purposes, so hackers sent him a malware in the form of a link which he clicked, that gave them access to the account and the powers to request for a reset of his password.
Limiting the Newbie's capability to reply on certain thread. How? They could only see pinned posts for approximately 3 to 5 days (depending on the forum management) upon their registration. Hence, all of necessary rules, regulations, and reminders would and must be read by the newbies before they can have the rights to reply on threads.
Limiting newbie participation is very harmful for a community. Newbie jail will never return: I consider the newbie-jail period to have been extremely damaging to the forum. When barriers to participation are too high, then the best people often just won't go to the trouble of joining, and the people who are willing to jump through the hoops are often people who aren't good for the community: people with nothing better to do, scammers, get-rick-quickers, etc. Having a permanent newbie jail policy would improve things a lot in the short-term, but would end up being a fatal poison to the community.
hero member
Activity: 2184
Merit: 891
Leading Crypto Sports Betting and Casino Platform
August 05, 2020, 04:47:47 AM
#21
**Also posted in Meta but sharing here too. Even if it helps one person it’s worth it**

How exactly was he hacked? Even I myself shows publicly my email address, yet encountered no issues of hacking nor anything so far. Maybe he had entered it in a website where they had data breach, or his password wasn't that kinda strong. There can be alot of prevention that can be done by BitcoinGirl.Club in his ends.

I guess this kind of thread and other thread that are helpful and must be pinned here in Beginners and Help board. Suggesting such actions isn't that kind of helpful if and only if the other newbies preferred nor haven't read issues with regards to hacking accounts even from a simple email. With regards to that, I also see the following as a good suggestion to the forum itself:

Limiting the Newbie's capability to reply on certain thread. How? They could only see pinned posts for approximately 3 to 5 days (depending on the forum management) upon their registration. Hence, all of necessary rules, regulations, and reminders would and must be read by the newbies before they can have the rights to reply on threads.
  • ADVANTAGE/s: issues with regards to users (even older ones), that they either plagiarize, spam, burstpost, necro-bump, and any other violations that they aren't aware of, would be lessen. Chances of such prohibited activities might be eradicated once the rule would be implemented. Hence, any other issues such as the hacking matter indicated by the OP would be avoided. This would also make build a better community as this forum grows around the world.
  • DISADVANTAGE/s: They need to spend days before making use of their account, and I think there's nothing more, nothing less.

Some might find this an awful suggestion, but with increasing cases of spamming, burst-posting, scamming, necro-bumping, and any other prohibited actions, then I guess we must start from the basics, by reading necessary threads such as rules and regulations and reminders for a safer account and environment.

If requested to transfer this to meta as another thread, I would be delighted to do so.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
August 05, 2020, 03:57:28 AM
#20
I’d like to presume that people that engage in airdrops and bounties, some of which require an email, are not providing their forum’s registry email (and preferably, they’d be using an email solely for these purposes, with no ties to anything else). Bounties and airdrops subscriptions end-up either being publicly visible in posts and lists, or used for any sort of purpose once obtained. That is a complementary, and probably more frequent malpractice, to displaying the email on the user’s profile.
sr. member
Activity: 2030
Merit: 269
August 04, 2020, 08:12:56 PM
#19
Emails that you are using is very important that is why you should set up some safety parameters like two factor authentication and phone verification so you can access it only after putting the code we need to beef the security on all emails that we are using because this is where we can access all our accounts from other sites, especially when you are using a public computer.
legendary
Activity: 2492
Merit: 1232
August 04, 2020, 06:52:20 PM
#18
I dont want to use other features in protecting my Bitcointalk account because might be cause trouble upon losing those credentials connected with your account. Hiding email addresses is enough for me at least, you know also how to access your email. Especially stated above of my reply, never use a secret question security feature, which is very risky upon recovery in your account.

It is good if you will separate your email address exclusively for the Bitcointalk account only and for those social media account should always be separated.

Might good if don't open your email address used in Bitcointalk, especially from the unknown PM's.
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
August 04, 2020, 06:52:01 PM
#17
Also goes to show that PMs sent via bitcointalk shouldn't be considered very private.
A compromise in the account essentially means a compromise in its contents also.

End to end encryption is always best for messages that might be considered sensible.
To compromise a properly stored private key used for end to end encryption would require a full system compromise. Which is arguably harder than hacking a third party provider email address.

Aren’t there websites that delete a message after it’s been read?
Yes, sites like https://privnote.com/
Better yet there are apps like snapchat, Viber (timed message mode). Works better in a sandboxed environment like an android phone. But with snapchat there have been occasions where hundreds of thousands of supposedely deleted snap image messages were accessed from the platform's servers and celebrities were targeted. So non p2p solutions aren't perfect.

Even better there is the FOSS Off The Record (OTR) messaging which allows for deniable authentication from a certain party in a trustless and p2p way. Overall tons of better ways to message people other than PMs in a forum. Especially so if the goal is privacy.
legendary
Activity: 2296
Merit: 2892
#SWGT CERTIK Audited
August 04, 2020, 06:32:36 PM
#16
Also, enable additional security such as 2fa in the email used in this forum. And use different email and passwords with accounts on forums or other social media.
And then I suggest not to use the Secret Question in Account Related Settings.



hero member
Activity: 2870
Merit: 594
August 04, 2020, 12:23:18 PM
#15
I have practice to hide my email here since day one because I know it could be a vector of attack sometime. Those with  bad intent some scrape emails here and then try to hack it. I think this is one method that's why there is a rampant attacks way back in 2017 wherein we hear a lot of accounts being hack very easily.

I already informed our campaign manager about this incident since BitcoinGirl.Club and I are both in the same campaign.
legendary
Activity: 1708
Merit: 1280
Top Crypto Casino
August 04, 2020, 11:09:24 AM
#14
Also, this is a good feature and it depends on the user how does it works why they show or hide their emails.

On our profiles, we have the email that the other member can easily see, and based on my perspective there is a good and bad side why we need to show or hide this.


Show
Other members can see and can direct email to us.
You can message each other in private.
Prone to hacking because your email is already exposed. Sometimes your passwords are not strong and do not contain:

Small letter
Capital letter
Number
Symbols

Hide
To avoid getting reached by the intruders want to do something with your email and account.

full member
Activity: 1232
Merit: 186
August 04, 2020, 07:02:23 AM
#13
Yes, the "hide email address from public" flag is on by default (meaning hidden)
Thank God I am doing the right since day one. Actually I'm about to check my profile already to check it again but good thing I read your post. You saved few minutes of my time Smiley. I strongly believe that my email was hidden all the time but still OP's post alarmed the hell out of me lol (paranoia strikes).



My simple advice for you guys is to never use the emails you already used in signing up to this forum, wallets or others with confidetial infos. Because the more you used it, the more prone it become against phishing attacks or other means of hacking. Making email addresses is now as easy as 1 2 3 so don't be hesitate to create a new one for vulnerable places.
full member
Activity: 1303
Merit: 128
August 04, 2020, 04:22:15 AM
#12
Upon checking my email account is already hide from the public and I think this is already on a default settings. I don't know the reason why a person will expose their personal email where we know the risk of sharing it. Though I've seen many bounties publicly share the emails of the participants on the spreadsheet, I just forget that bounty name but its they should not do that. I also suggest to have more emails for your different purposes, and to be more safe from hackers and scammers.
legendary
Activity: 1134
Merit: 1598
August 04, 2020, 04:16:00 AM
#11
Furthermore, I'd recommend using a different e-mail for different categories of accounts you have. For example, use one mail for social media accounts and a completely different one for exchange accounts. This not only lowers the chances of all your accounts being compromised at once but also decreases the chances of all your accounts being linked by an external party to your identity. This way, if your "exchange" email gets compromised, you know that you should only consider the said accounts compromised - unlike having all accs on the same mail, where you have to check whether all of them have been affected or not.
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
August 04, 2020, 04:06:51 AM
#10
Aren’t there websites that delete a message after it’s been read?
There are such websites available, but I've not used most and as such cannot recommend any. This feature is also available on telegram chat, to activate it; you Set Secret Chat > Set Self Destruct Timer > Select The Preferred Time Range. The destruct timer ranges from a couple of seconds to a week and not necessarily when the message has been read by the other party, so the conversation has to be synchronized.

I would however not recommend very sensitive information is sent across such websites as they are commonly targeted by hackers through phishing attacks for such data.
legendary
Activity: 3556
Merit: 9709
#1 VIP Crypto Casino
August 04, 2020, 03:48:55 AM
#9
Also goes to show that PMs sent via bitcointalk shouldn't be considered very private.
A compromise in the account essentially means a compromise in its contents also.

End to end encryption is always best for messages that might be considered sensible.
To compromise a properly stored private key used for end to end encryption would require a full system compromise. Which is arguably harder than hacking a third party provider email address.

Aren’t there websites that delete a message after it’s been read?
legendary
Activity: 2408
Merit: 2226
Signature space for rent
August 04, 2020, 03:46:17 AM
#8
Good suggestion. First of all, I have used two email addresses for my bitcointalk account. One used for registered and after I changed the email to another address to get notification from the forum. So if in case my bitcointalk account got hack, I will be able to recover my account from registered email and sign address. But of course, my secondary mail is hidden still now. So no one can see it easily. Passwords should use very strong and different from other sites. More securely we have to keep safe our email address because hackers could use reset passwords by mail. So we have to be careful with our mail system. Usually, I don't use my current bitcointalk mail for any other sites to avoid spam messages.
Pages:
Jump to: