Topic: Protect Your Account - page 2. (Read 555 times)

He was hacked because the hacker sent him a phishing email I believe, he clicked a link & there we go.
Certain people are working behind the scenes, trying to figure out who it was.

Yeah, I do not get the point also on why it had two email ad on bct. I know that it could be change depending on the preference of the owner to change or not the email being registered in bct but once it change it only allow one email for a certain user to use to recover his account. This is why I got confused. Anyway, whatever he mean to that reply seems like hes mading it up so that without basing anything that could make the statement worth.

There can be many options, but the fastest way that comes to mind is that a virus has been caught. A virus that steals browser logs. And since most likely the owner had one browser, which he often used, and did not erase cookies after each session, all the logs were transferred to the hacker.
A lot of information can be stored in one log. Starting from location data, and computer processor, and ending with passwords for mails, forums, bank cards. If a keylogger was installed in the system, then everything that the owner of the browser pressed was available to the hacker.
How to avoid such viruses, I think everyone has long understood, do not download anything from the Internet, use antivirus software, and other protections. You also need to erase all your cookies after each session and use different browser profiles for different tasks.
After such a data theft situation, you need to reinstall the operating system. Or reinstall the browser again.

https://www.kaspersky.com/blog/browser-data-theft/27871/
https://www.zdnet.com/article/raccoon-malware-targets-massive-browser-range-to-steal-your-data-and-cryptocurrency/

That should be it, email used for registration would not count as long as you've changed your forum email address to a new/different one, the forum afaik doesn't use two email options, users only have the option to change the email when they want to; email used for registration becomes useless once changed and you can't reset password or receive any notification through it.

Wait? Isn't it that the email you have used for registration and receiving notifications is the same? You cannot use your former email for password recovery if you changed it for a newer one thus, your notifcations and password change request can only be received in the new email address. 

It is in the op, and was also explained by few users after the op, his account wasn't hacked because of his email was visible to other users, but it seems he uses the same email on the forum for other purposes, so hackers sent him a malware in the form of a link which he clicked, that gave them access to the account and the powers to request for a reset of his password.

How exactly was he hacked? Even I myself shows publicly my email address, yet encountered no issues of hacking nor anything so far. Maybe he had entered it in a website where they had data breach, or his password wasn't that kinda strong. There can be alot of prevention that can be done by BitcoinGirl.Club in his ends.

I guess this kind of thread and other thread that are helpful and must be pinned here in Beginners and Help board. Suggesting such actions isn't that kind of helpful if and only if the other newbies preferred nor haven't read issues with regards to hacking accounts even from a simple email. With regards to that, I also see the following as a good suggestion to the forum itself:

Limiting the Newbie's capability to reply on certain thread. How? They could only see pinned posts for approximately 3 to 5 days (depending on the forum management) upon their registration. Hence, all of necessary rules, regulations, and reminders would and must be read by the newbies before they can have the rights to reply on threads.

• ADVANTAGE/s: issues with regards to users (even older ones), that they either plagiarize, spam, burstpost, necro-bump, and any other violations that they aren't aware of, would be lessen. Chances of such prohibited activities might be eradicated once the rule would be implemented. Hence, any other issues such as the hacking matter indicated by the OP would be avoided. This would also make build a better community as this forum grows around the world.
• DISADVANTAGE/s: They need to spend days before making use of their account, and I think there's nothing more, nothing less.

Some might find this an awful suggestion, but with increasing cases of spamming, burst-posting, scamming, necro-bumping, and any other prohibited actions, then I guess we must start from the basics, by reading necessary threads such as rules and regulations and reminders for a safer account and environment.

If requested to transfer this to meta as another thread, I would be delighted to do so.

I’d like to presume that people that engage in airdrops and bounties, some of which require an email, are not providing their forum’s registry email (and preferably, they’d be using an email solely for these purposes, with no ties to anything else). Bounties and airdrops subscriptions end-up either being publicly visible in posts and lists, or used for any sort of purpose once obtained. That is a complementary, and probably more frequent malpractice, to displaying the email on the user’s profile.

Emails that you are using is very important that is why you should set up some safety parameters like two factor authentication and phone verification so you can access it only after putting the code we need to beef the security on all emails that we are using because this is where we can access all our accounts from other sites, especially when you are using a public computer.

I dont want to use other features in protecting my Bitcointalk account because might be cause trouble upon losing those credentials connected with your account. Hiding email addresses is enough for me at least, you know also how to access your email. Especially stated above of my reply, never use a secret question security feature, which is very risky upon recovery in your account.

It is good if you will separate your email address exclusively for the Bitcointalk account only and for those social media account should always be separated.

Might good if don't open your email address used in Bitcointalk, especially from the unknown PM's.

Yes, sites like https://privnote.com/
Better yet there are apps like snapchat, Viber (timed message mode). Works better in a sandboxed environment like an android phone. But with snapchat there have been occasions where hundreds of thousands of supposedely deleted snap image messages were accessed from the platform's servers and celebrities were targeted. So non p2p solutions aren't perfect.

Even better there is the FOSS Off The Record (OTR) messaging which allows for deniable authentication from a certain party in a trustless and p2p way. Overall tons of better ways to message people other than PMs in a forum. Especially so if the goal is privacy.

Also, enable additional security such as 2fa in the email used in this forum. And use different email and passwords with accounts on forums or other social media.
And then I suggest not to use the Secret Question in Account Related Settings.

I have practice to hide my email here since day one because I know it could be a vector of attack sometime. Those with  bad intent some scrape emails here and then try to hack it. I think this is one method that's why there is a rampant attacks way back in 2017 wherein we hear a lot of accounts being hack very easily.

I already informed our campaign manager about this incident since BitcoinGirl.Club and I are both in the same campaign.

Also, this is a good feature and it depends on the user how does it works why they show or hide their emails.

On our profiles, we have the email that the other member can easily see, and based on my perspective there is a good and bad side why we need to show or hide this.


Show
Other members can see and can direct email to us.
You can message each other in private.
Prone to hacking because your email is already exposed. Sometimes your passwords are not strong and do not contain:

Small letter
Capital letter
Number
Symbols

Hide
To avoid getting reached by the intruders want to do something with your email and account.

Thank God I am doing the right since day one. Actually I'm about to check my profile already to check it again but good thing I read your post. You saved few minutes of my time . I strongly believe that my email was hidden all the time but still OP's post alarmed the hell out of me lol (paranoia strikes).

---

My simple advice for you guys is to never use the emails you already used in signing up to this forum, wallets or others with confidetial infos. Because the more you used it, the more prone it become against phishing attacks or other means of hacking. Making email addresses is now as easy as 1 2 3 so don't be hesitate to create a new one for vulnerable places.

Upon checking my email account is already hide from the public and I think this is already on a default settings. I don't know the reason why a person will expose their personal email where we know the risk of sharing it. Though I've seen many bounties publicly share the emails of the participants on the spreadsheet, I just forget that bounty name but its they should not do that. I also suggest to have more emails for your different purposes, and to be more safe from hackers and scammers.

Furthermore, I'd recommend using a different e-mail for different categories of accounts you have. For example, use one mail for social media accounts and a completely different one for exchange accounts. This not only lowers the chances of all your accounts being compromised at once but also decreases the chances of all your accounts being linked by an external party to your identity. This way, if your "exchange" email gets compromised, you know that you should only consider the said accounts compromised - unlike having all accs on the same mail, where you have to check whether all of them have been affected or not.

There are such websites available, but I've not used most and as such cannot recommend any. This feature is also available on telegram chat, to activate it; you Set Secret Chat > Set Self Destruct Timer > Select The Preferred Time Range. The destruct timer ranges from a couple of seconds to a week and not necessarily when the message has been read by the other party, so the conversation has to be synchronized.

I would however not recommend very sensitive information is sent across such websites as they are commonly targeted by hackers through phishing attacks for such data.

Aren’t there websites that delete a message after it’s been read?

Good suggestion. First of all, I have used two email addresses for my bitcointalk account. One used for registered and after I changed the email to another address to get notification from the forum. So if in case my bitcointalk account got hack, I will be able to recover my account from registered email and sign address. But of course, my secondary mail is hidden still now. So no one can see it easily. Passwords should use very strong and different from other sites. More securely we have to keep safe our email address because hackers could use reset passwords by mail. So we have to be careful with our mail system. Usually, I don't use my current bitcointalk mail for any other sites to avoid spam messages.