Author

Topic: Protect Your Account (Read 614 times)

legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
August 12, 2020, 09:32:45 AM
#47
<...>
Not really, but it hinders your security. Knowing your account’s email can help scammers to create a targeted phishing campaign, or to try to cross-reference with other hacked site black-market information in case you are using the same password. You may also be using a very weak guessable password. Not making your account’s email publicly known mitigates these factors.
member
Activity: 266
Merit: 88
August 12, 2020, 05:41:38 AM
#46
You really did this step, but how can our e-mail be hacked only by knowing it, as long as the password is kept securely, can the password be hacked only through the address?
hero member
Activity: 2268
Merit: 588
You own the pen
August 11, 2020, 09:03:20 AM
#45
what i would like to suggest to all users here is that you should change your password here from the forum in various intervals and you should also change the password of your e-mail account in the same intervals - so you are actually very protected against account hacks

I think someone already posted detailed instructions on how to make a strong password to avoid getting hack easily. If I'm not mistaken, the OP was GreatArkansas. wait let me post it here so that anyone could also benefit from his old thread.

Here you go: https://bitcointalksearch.org/topic/guide-how-to-create-a-strongsecure-password-5132378

This thread might old but it is something you must know when creating passwords.
hero member
Activity: 1082
Merit: 502
August 11, 2020, 08:19:08 AM
#44
How reckless and self-confident do you need to be in order to put your email on public display? It's the same as walking around with the inscription on the T-shirt "Fuck me". These things are basic security fundamentals.
And also, in order to be absolutely sure of your safety, come up with a complex password of 50 characters long. Thats all - you don't have to worry about anything anymore. Your forum account will be completely protected!
legendary
Activity: 3304
Merit: 8633
Crypto Swap Exchange
August 09, 2020, 05:45:37 AM
#43
what i would like to suggest to all users here is that you should change your password here from the forum in various intervals and you should also change the password of your e-mail account in the same intervals - so you are actually very protected against account hacks
full member
Activity: 1484
Merit: 136
★Bitvest.io★ Play Plinko or Invest!
August 09, 2020, 01:56:17 AM
#42
This kind of feature has a different purpose still I'm not using this because I want to avoid getting trouble with my emails I know some of the suggestion of the other member that will use other emails not on their main account because this is prone to hackers and other people want to steal your information especially the email. The good thing right here with the use of this is you can send directly to the member you want to do outside to our forum but still I highly recommended too to use other emails for your other transactions it's not because you don't want to know or become anonymous it's just because of safety.
member
Activity: 420
Merit: 12
Globe-dex.com
August 08, 2020, 05:04:44 PM
#41
<...>
<...>


My simple advice for you guys is to never use the emails you already used in signing up to this forum, wallets or others with confidetial infos. Because the more you used it, the more prone it become against phishing attacks or other means of hacking. Making email addresses is now as easy as 1 2 3 so don't be hesitate to create a new one for vulnerable places.
That's what I actually do now—having multiple accounts for different purposes. I just feel more secured that way, and also having 2FA in all of them. I just struggle in remembering which email address I used in what. So I make sure I write it all in my notebook or in the notes app in my phone. Don't know if that's advisable to everyone but it works just fine with me.

Well you don't have to struggle when it comes to store your email I believe your smartphone can accumulate more than 1 to 2 emails and probably most of the login on the browser are saved and even with that the advice to make use of 2af is most recommended.
sr. member
Activity: 1036
Merit: 294
August 08, 2020, 08:45:54 AM
#40
<...>
<...>


My simple advice for you guys is to never use the emails you already used in signing up to this forum, wallets or others with confidetial infos. Because the more you used it, the more prone it become against phishing attacks or other means of hacking. Making email addresses is now as easy as 1 2 3 so don't be hesitate to create a new one for vulnerable places.
That's what I actually do now—having multiple accounts for different purposes. I just feel more secured that way, and also having 2FA in all of them. I just struggle in remembering which email address I used in what. So I make sure I write it all in my notebook or in the notes app in my phone. Don't know if that's advisable to everyone but it works just fine with me.
legendary
Activity: 2296
Merit: 2892
#SWGT CERTIK Audited
August 06, 2020, 06:29:26 PM
#39
I was going to ask on why enabling secret question wasn't a good idea 'cause it confused me (when it was designed to help you for retrieving your account password), and then I see this. Thanks for the input though. I was wondering few days ago if I should make one for myself but I think, I should withdraw from doing it so now  :D.
Secret questions can be used if you forget your login password. As mentioned before, this will result in the account being locked, and to recover it, you must be able to prove ownership of the account by showing the PGP key or Bitcoin address associated with the account and signing it.
https://bitcointalksearch.org/topic/m.48896084

And if you are already using a secret question, then want to disable/reset it, leave it blank. Make sure everything is empty; no whitespace or invisible characters.

Yes, just keep it blank. Make sure that the secret question area isn't full of whitespace characters. (Spaces don't count, but some other whitespace/invisible characters do.)
member
Activity: 362
Merit: 12
August 06, 2020, 01:07:29 PM
#38
This is a great way for preventing scammers.But what about the bounty hunters?
They are very unconscious about their personal information and scammers can easily reach their sensitive information like email and social accounts.

So my advice is to be experienced and to be learnt about scammers and always use best protection.
sr. member
Activity: 1232
Merit: 379
August 06, 2020, 12:52:51 PM
#37
I’d like to presume that people that engage in airdrops and bounties, some of which require an email, are not providing their forum’s registry email (and preferably, they’d be using an email solely for these purposes, with no ties to anything else). Bounties and airdrops subscriptions end-up either being publicly visible in posts and lists, or used for any sort of purpose once obtained. That is a complementary, and probably more frequent malpractice, to displaying the email on the user’s profile.
Yes exactly, those set are have many accounts registered here but no mind of email protection from public because of the purpose of the accounts.
I have never thought hackers steals via email in as much as there's is no availability of password to email with them or something.
legendary
Activity: 3024
Merit: 2148
August 06, 2020, 10:46:10 AM
#36
It's scary to think that you can get malware or get your account hacked just by clicking on a link. Browsers are supposed to be a safe environment that can's just so easily be used as a vector for getting hacked by simply visiting a site. Perhaps there's an XSS or XSRF vulnerability on the website of OP's email provider - that could be an easy explanation for what happened. In that case an addon like NoScript can help reduce the risk, as long as you don't manually allow scripts on the malicious site.
legendary
Activity: 2324
Merit: 1604
hmph..
August 06, 2020, 10:29:17 AM
#35
You are better off avoiding activating Secret Questions and using other security.

This is true, I have experience to use this feature in the past. I can take over user account just because they are put a real jobs in his life. Of course what i do just for security reason not for hacking. So i told him to deactivate the feature and change it to use SMS verification in case he lost his account. Secret question has limited answer, when we choose the name of family someone can know it, using jobs, someone also can find it. So if we want to safe from hacking. if we put a fake information, we can forget about it. That why i never activate any secret questions again.
legendary
Activity: 2716
Merit: 1855
Rollbit.com | #1 Solana Casino
August 06, 2020, 10:02:53 AM
#34
I enable the secret question pretty soon (probably during the account creation procedure), and later came to read that resorting to its use would indeed lock your account, being the unlocking procedure not immediate nor trivial. As such, I left the secret Q/A there, on the profiles, but often felt like I really wanted to delete it (having a signed message on the appropriate thread seemed more fitting). It took me ages to delete it, but it’s really rather trivial:
-snip-
Locking the account after doing the forgot password method with a Secret Question is intended so that the person doesn't easily open the account.
Just imagine if a scammer who knows about the secret quest that we have previously set up, locks the account to further secure the account itself.
The impact of being locked into an account will be uncomfortable when the user does it himself. To try to open a locked account I created another account and contacted the moderator via PM Bitcointalk and also contacted the bitcointalk recovery team via email. I can open my account in just a few hours.

ACCOUNT LOCKED FIX PROBLEM
I sent a message to the email that was printed when the account was locked and the bitcointalk recovery team responded well.




I was going to ask on why enabling secret question wasn't a good idea 'cause it confused me (when it was designed to help you for retrieving your account password), and then I see this. Thanks for the input though. I was wondering few days ago if I should make one for myself but I think, I should withdraw from doing it so now  Cheesy.
You are better off avoiding activating Secret Questions and using other security.
In order for you to prove that the account is your account, you need to do SIGNED MESSAGE BITCOIN ADDRESS, as DdmrDdmr
-snip-(having a signed message on the appropriate thread seemed more fitting).

You can do it here.
Stake your Bitcoin address here
https://bitcointalksearch.org/topic/stake-your-bitcoin-address-here-996318
sr. member
Activity: 658
Merit: 274
Wish for the rain? Then deal with the mud too.
August 06, 2020, 09:27:26 AM
#33
Also, enable additional security such as 2fa in the email used in this forum. And use different email and passwords with accounts on forums or other social media.
And then I suggest not to use the Secret Question in Account Related Settings.
-
The reason for not suggesting the use of secret questions may be because, this feature will automatically lock the account when trying to recover passwords using the Secret Question Method. Because I have experienced this, when I forget my password and want to change it, then I use a secret question that I have previously set, the result is my account is locked.

2FA email might be very helpful for securing email, I have also implemented it.

I was going to ask on why enabling secret question wasn't a good idea 'cause it confused me (when it was designed to help you for retrieving your account password), and then I see this. Thanks for the input though. I was wondering few days ago if I should make one for myself but I think, I should withdraw from doing it so now  Cheesy.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
August 06, 2020, 08:40:08 AM
#32
<...>
I enable the secret question pretty soon (probably during the account creation procedure), and later came to read that resorting to its use would indeed lock your account, being the unlocking procedure not immediate nor trivial. As such, I left the secret Q/A there, on the profiles, but often felt like I really wanted to delete it (having a signed message on the appropriate thread seemed more fitting). It took me ages to delete it, but it’s really rather trivial:

<...> I had this step (deleting my secret question) pending for ages, and it has not been until now that I’ve gone ahead with it. Just a minor observation: Since the Answer is displayed as blank, you can’t really delete the content of the field. I therefore deleted the question, assumed that the answer deletion would be deleted, and hoped for the best. Logging out and back in again works fine, so I figure that was all that was required (+ > Enter your "Current Password" > Click "Change profile" button <…> as you stated).
legendary
Activity: 2716
Merit: 1855
Rollbit.com | #1 Solana Casino
August 06, 2020, 08:26:38 AM
#31
Also, enable additional security such as 2fa in the email used in this forum. And use different email and passwords with accounts on forums or other social media.
And then I suggest not to use the Secret Question in Account Related Settings.


The reason for not suggesting the use of secret questions may be because, this feature will automatically lock the account when trying to recover passwords using the Secret Question Method. Because I have experienced this, when I forget my password and want to change it, then I use a secret question that I have previously set, the result is my account is locked.

2FA email might be very helpful for securing email, I have also implemented it.
sr. member
Activity: 588
Merit: 255
August 05, 2020, 11:25:31 PM
#30
**Also posted in Meta but sharing here too. Even if it helps one person it’s worth it**



If you haven’t already then follow these steps to make your email address hidden -

- Click Profile at the top of your browser
- Under Modify Profile on the left click Account Related Settings
- Make sure the circled box is ticked (example email address is not mine)



Safe surfing & fuck hackers!


Also make sure you are on a secure network wherever it is. In some cases, hackers hack networks to get usernames and passwords from our accounts. this often happens in public places.
hero member
Activity: 1806
Merit: 672
August 05, 2020, 08:43:43 AM
#29
Yes, the "hide email address from public" flag is on by default (meaning hidden), but I guess people are used to being rather social, and switch it of in many cases (some are business relate, and therefore deliberately conscious). Going through a profile DB I have with 2.481.270 profiles, almost 56k accounts had an associates visible email.

I figure though that BitcoinGirl.Club’s case is not down to the email being visible on the profile (I don’t think it was, and Archieve sites seem to show it as hidden historically, right up to a snapshot from a couple of days ago). It looks more like some malware got installed after following a link.


So this answers my question in his post in the meta section. I don't think most of them unhiding their email is a social move but more of a business move to me, the mistake members do by showing their email is of course their email that they are showing is also their email to their account in BCT which is the wrong move. Showing your BCT account email will only put targets at your back and you will be vulnerable to numerous phishing attempts by doing so. If you have a separate email for business transactions then it would be easier for you to filter out the fraud emails you are receiving.
hero member
Activity: 2268
Merit: 588
You own the pen
August 05, 2020, 08:40:00 AM
#28
Oh, that man really messed it up in just one night. I think the hacker got it all cleared after the owner of the account has fallen to sleep. This something I knew before when I was a newbie in the industry. Once they know the email address you are using, You just give them a 50% chance to steal your account. The good thing is, most of the users are already hide their email add in their profile. He can regain back his account since he maybe has the necessary information to give the Cryptios.

Find more information here to know about the Cryptios:  https://bitcointalksearch.org/topic/division-of-powers-5143439
legendary
Activity: 3556
Merit: 9709
#1 VIP Crypto Casino
August 05, 2020, 08:23:22 AM
#27
He was hacked because the hacker sent him a phishing email I believe, he clicked a link & there we go.
Certain people are working behind the scenes, trying to figure out who it was.
full member
Activity: 924
Merit: 221
August 05, 2020, 08:22:42 AM
#26
Good suggestion. First of all, I have used two email addresses for my bitcointalk account. One used for registered and after I changed the email to another address to get notification from the forum. So if in case my bitcointalk account got hack, I will be able to recover my account from registered email and sign address.
Wait? Isn't it that the email you have used for registration and receiving notifications is the same? You cannot use your former email for password recovery if you changed it for a newer one thus, your notifcations and password change request can only be received in the new email address.  Huh
Yeah, I do not get the point also on why it had two email ad on bct. I know that it could be change depending on the preference of the owner to change or not the email being registered in bct but once it change it only allow one email for a certain user to use to recover his account. This is why I got confused. Anyway, whatever he mean to that reply seems like hes mading it up so that without basing anything that could make the statement worth.

legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
August 05, 2020, 07:53:18 AM
#25
**Also posted in Meta but sharing here too. Even if it helps one person it’s worth it**

How exactly was he hacked? Even I myself shows publicly my email address, yet encountered no issues of hacking nor anything so far. Maybe he had entered it in a website where they had data breach, or his password wasn't that kinda strong. There can be alot of prevention that can be done by BitcoinGirl.Club in his ends.


There can be many options, but the fastest way that comes to mind is that a virus has been caught. A virus that steals browser logs. And since most likely the owner had one browser, which he often used, and did not erase cookies after each session, all the logs were transferred to the hacker.
A lot of information can be stored in one log. Starting from location data, and computer processor, and ending with passwords for mails, forums, bank cards. If a keylogger was installed in the system, then everything that the owner of the browser pressed was available to the hacker.
How to avoid such viruses, I think everyone has long understood, do not download anything from the Internet, use antivirus software, and other protections. You also need to erase all your cookies after each session and use different browser profiles for different tasks.
After such a data theft situation, you need to reinstall the operating system. Or reinstall the browser again.

https://www.kaspersky.com/blog/browser-data-theft/27871/
https://www.zdnet.com/article/raccoon-malware-targets-massive-browser-range-to-steal-your-data-and-cryptocurrency/
legendary
Activity: 2184
Merit: 1302
August 05, 2020, 07:17:18 AM
#24
Good suggestion. First of all, I have used two email addresses for my bitcointalk account. One used for registered and after I changed the email to another address to get notification from the forum. So if in case my bitcointalk account got hack, I will be able to recover my account from registered email and sign address.
Wait? Isn't it that the email you have used for registration and receiving notifications is the same? You cannot use your former email for password recovery if you changed it for a newer one thus, your notifcations and password change request can only be received in the new email address.  Huh
That should be it, email used for registration would not count as long as you've changed your forum email address to a new/different one, the forum afaik doesn't use two email options, users only have the option to change the email when they want to; email used for registration becomes useless once changed and you can't reset password or receive any notification through it.
legendary
Activity: 1904
Merit: 1563
August 05, 2020, 06:51:10 AM
#23
Good suggestion. First of all, I have used two email addresses for my bitcointalk account. One used for registered and after I changed the email to another address to get notification from the forum. So if in case my bitcointalk account got hack, I will be able to recover my account from registered email and sign address.
Wait? Isn't it that the email you have used for registration and receiving notifications is the same? You cannot use your former email for password recovery if you changed it for a newer one thus, your notifcations and password change request can only be received in the new email address.  Huh
legendary
Activity: 2184
Merit: 1302
August 05, 2020, 05:17:03 AM
#22
How exactly was he hacked? Even I myself shows publicly my email address, yet encountered no issues of hacking nor anything so far. Maybe he had entered it in a website where they had data breach, or his password wasn't that kinda strong. There can be alot of prevention that can be done by BitcoinGirl.Club in his ends
It is in the op, and was also explained by few users after the op, his account wasn't hacked because of his email was visible to other users, but it seems he uses the same email on the forum for other purposes, so hackers sent him a malware in the form of a link which he clicked, that gave them access to the account and the powers to request for a reset of his password.
Limiting the Newbie's capability to reply on certain thread. How? They could only see pinned posts for approximately 3 to 5 days (depending on the forum management) upon their registration. Hence, all of necessary rules, regulations, and reminders would and must be read by the newbies before they can have the rights to reply on threads.
Limiting newbie participation is very harmful for a community. Newbie jail will never return: I consider the newbie-jail period to have been extremely damaging to the forum. When barriers to participation are too high, then the best people often just won't go to the trouble of joining, and the people who are willing to jump through the hoops are often people who aren't good for the community: people with nothing better to do, scammers, get-rick-quickers, etc. Having a permanent newbie jail policy would improve things a lot in the short-term, but would end up being a fatal poison to the community.
hero member
Activity: 2184
Merit: 891
Leading Crypto Sports Betting and Casino Platform
August 05, 2020, 04:47:47 AM
#21
**Also posted in Meta but sharing here too. Even if it helps one person it’s worth it**

How exactly was he hacked? Even I myself shows publicly my email address, yet encountered no issues of hacking nor anything so far. Maybe he had entered it in a website where they had data breach, or his password wasn't that kinda strong. There can be alot of prevention that can be done by BitcoinGirl.Club in his ends.

I guess this kind of thread and other thread that are helpful and must be pinned here in Beginners and Help board. Suggesting such actions isn't that kind of helpful if and only if the other newbies preferred nor haven't read issues with regards to hacking accounts even from a simple email. With regards to that, I also see the following as a good suggestion to the forum itself:

Limiting the Newbie's capability to reply on certain thread. How? They could only see pinned posts for approximately 3 to 5 days (depending on the forum management) upon their registration. Hence, all of necessary rules, regulations, and reminders would and must be read by the newbies before they can have the rights to reply on threads.
  • ADVANTAGE/s: issues with regards to users (even older ones), that they either plagiarize, spam, burstpost, necro-bump, and any other violations that they aren't aware of, would be lessen. Chances of such prohibited activities might be eradicated once the rule would be implemented. Hence, any other issues such as the hacking matter indicated by the OP would be avoided. This would also make build a better community as this forum grows around the world.
  • DISADVANTAGE/s: They need to spend days before making use of their account, and I think there's nothing more, nothing less.

Some might find this an awful suggestion, but with increasing cases of spamming, burst-posting, scamming, necro-bumping, and any other prohibited actions, then I guess we must start from the basics, by reading necessary threads such as rules and regulations and reminders for a safer account and environment.

If requested to transfer this to meta as another thread, I would be delighted to do so.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
August 05, 2020, 03:57:28 AM
#20
I’d like to presume that people that engage in airdrops and bounties, some of which require an email, are not providing their forum’s registry email (and preferably, they’d be using an email solely for these purposes, with no ties to anything else). Bounties and airdrops subscriptions end-up either being publicly visible in posts and lists, or used for any sort of purpose once obtained. That is a complementary, and probably more frequent malpractice, to displaying the email on the user’s profile.
sr. member
Activity: 2030
Merit: 269
August 04, 2020, 08:12:56 PM
#19
Emails that you are using is very important that is why you should set up some safety parameters like two factor authentication and phone verification so you can access it only after putting the code we need to beef the security on all emails that we are using because this is where we can access all our accounts from other sites, especially when you are using a public computer.
legendary
Activity: 2492
Merit: 1232
August 04, 2020, 06:52:20 PM
#18
I dont want to use other features in protecting my Bitcointalk account because might be cause trouble upon losing those credentials connected with your account. Hiding email addresses is enough for me at least, you know also how to access your email. Especially stated above of my reply, never use a secret question security feature, which is very risky upon recovery in your account.

It is good if you will separate your email address exclusively for the Bitcointalk account only and for those social media account should always be separated.

Might good if don't open your email address used in Bitcointalk, especially from the unknown PM's.
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
August 04, 2020, 06:52:01 PM
#17
Also goes to show that PMs sent via bitcointalk shouldn't be considered very private.
A compromise in the account essentially means a compromise in its contents also.

End to end encryption is always best for messages that might be considered sensible.
To compromise a properly stored private key used for end to end encryption would require a full system compromise. Which is arguably harder than hacking a third party provider email address.

Aren’t there websites that delete a message after it’s been read?
Yes, sites like https://privnote.com/
Better yet there are apps like snapchat, Viber (timed message mode). Works better in a sandboxed environment like an android phone. But with snapchat there have been occasions where hundreds of thousands of supposedely deleted snap image messages were accessed from the platform's servers and celebrities were targeted. So non p2p solutions aren't perfect.

Even better there is the FOSS Off The Record (OTR) messaging which allows for deniable authentication from a certain party in a trustless and p2p way. Overall tons of better ways to message people other than PMs in a forum. Especially so if the goal is privacy.
legendary
Activity: 2296
Merit: 2892
#SWGT CERTIK Audited
August 04, 2020, 06:32:36 PM
#16
Also, enable additional security such as 2fa in the email used in this forum. And use different email and passwords with accounts on forums or other social media.
And then I suggest not to use the Secret Question in Account Related Settings.



hero member
Activity: 2870
Merit: 594
August 04, 2020, 12:23:18 PM
#15
I have practice to hide my email here since day one because I know it could be a vector of attack sometime. Those with  bad intent some scrape emails here and then try to hack it. I think this is one method that's why there is a rampant attacks way back in 2017 wherein we hear a lot of accounts being hack very easily.

I already informed our campaign manager about this incident since BitcoinGirl.Club and I are both in the same campaign.
legendary
Activity: 1708
Merit: 1280
Top Crypto Casino
August 04, 2020, 11:09:24 AM
#14
Also, this is a good feature and it depends on the user how does it works why they show or hide their emails.

On our profiles, we have the email that the other member can easily see, and based on my perspective there is a good and bad side why we need to show or hide this.


Show
Other members can see and can direct email to us.
You can message each other in private.
Prone to hacking because your email is already exposed. Sometimes your passwords are not strong and do not contain:

Small letter
Capital letter
Number
Symbols

Hide
To avoid getting reached by the intruders want to do something with your email and account.

full member
Activity: 1232
Merit: 186
August 04, 2020, 07:02:23 AM
#13
Yes, the "hide email address from public" flag is on by default (meaning hidden)
Thank God I am doing the right since day one. Actually I'm about to check my profile already to check it again but good thing I read your post. You saved few minutes of my time Smiley. I strongly believe that my email was hidden all the time but still OP's post alarmed the hell out of me lol (paranoia strikes).



My simple advice for you guys is to never use the emails you already used in signing up to this forum, wallets or others with confidetial infos. Because the more you used it, the more prone it become against phishing attacks or other means of hacking. Making email addresses is now as easy as 1 2 3 so don't be hesitate to create a new one for vulnerable places.
full member
Activity: 1303
Merit: 128
August 04, 2020, 04:22:15 AM
#12
Upon checking my email account is already hide from the public and I think this is already on a default settings. I don't know the reason why a person will expose their personal email where we know the risk of sharing it. Though I've seen many bounties publicly share the emails of the participants on the spreadsheet, I just forget that bounty name but its they should not do that. I also suggest to have more emails for your different purposes, and to be more safe from hackers and scammers.
legendary
Activity: 1134
Merit: 1598
August 04, 2020, 04:16:00 AM
#11
Furthermore, I'd recommend using a different e-mail for different categories of accounts you have. For example, use one mail for social media accounts and a completely different one for exchange accounts. This not only lowers the chances of all your accounts being compromised at once but also decreases the chances of all your accounts being linked by an external party to your identity. This way, if your "exchange" email gets compromised, you know that you should only consider the said accounts compromised - unlike having all accs on the same mail, where you have to check whether all of them have been affected or not.
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
August 04, 2020, 04:06:51 AM
#10
Aren’t there websites that delete a message after it’s been read?
There are such websites available, but I've not used most and as such cannot recommend any. This feature is also available on telegram chat, to activate it; you Set Secret Chat > Set Self Destruct Timer > Select The Preferred Time Range. The destruct timer ranges from a couple of seconds to a week and not necessarily when the message has been read by the other party, so the conversation has to be synchronized.

I would however not recommend very sensitive information is sent across such websites as they are commonly targeted by hackers through phishing attacks for such data.
legendary
Activity: 3556
Merit: 9709
#1 VIP Crypto Casino
August 04, 2020, 03:48:55 AM
#9
Also goes to show that PMs sent via bitcointalk shouldn't be considered very private.
A compromise in the account essentially means a compromise in its contents also.

End to end encryption is always best for messages that might be considered sensible.
To compromise a properly stored private key used for end to end encryption would require a full system compromise. Which is arguably harder than hacking a third party provider email address.

Aren’t there websites that delete a message after it’s been read?
legendary
Activity: 2394
Merit: 2223
Signature space for rent
August 04, 2020, 03:46:17 AM
#8
Good suggestion. First of all, I have used two email addresses for my bitcointalk account. One used for registered and after I changed the email to another address to get notification from the forum. So if in case my bitcointalk account got hack, I will be able to recover my account from registered email and sign address. But of course, my secondary mail is hidden still now. So no one can see it easily. Passwords should use very strong and different from other sites. More securely we have to keep safe our email address because hackers could use reset passwords by mail. So we have to be careful with our mail system. Usually, I don't use my current bitcointalk mail for any other sites to avoid spam messages.
sr. member
Activity: 910
Merit: 351
August 04, 2020, 01:59:40 AM
#7
Nice reminder. Maybe also check your others social media, create another e-mail purely for business purpose and never leave personal details, especially you're not using a centralized services. Some hackers might also try their luck hacking your Telegram account for example. Telegram are as important as e-mail nowadays.
hero member
Activity: 3052
Merit: 606
August 03, 2020, 06:01:47 PM
#6
Good advise, when I was starting in the forum, my email was displayed but later I realized that I could be prone to an unsolicited emails so I hide it until now. It's unfortunate that  BitcoinGirl.Club fall for this hackers, hopefully he is alright and he can solve his problem, worse is he has some money on some accounts, damn, the timing is not even good, everyone needs money at the pandemic while hackers continues to do their heartless activities.

Newbie deserves to read this post, thanks for the concern @LFC_Bitcoin
legendary
Activity: 2184
Merit: 1302
August 03, 2020, 05:54:40 PM
#5
Going through a profile DB I have with 2.481.270 profiles, almost 56k accounts had an associates visible email.
That number (56k) is very high, users should hide their email addresses and should not use their btt email for any other purpose, whether the service is trusted or not; a unique address for your btt account would prevent phshing mails and malware links being sent to your email that could lead to a compromise of your email and your account as well.
It looks more like some malware got installed after following a link.
Newbies should also verify links they receive in their mail box, never click on it, the hackers can design the link to look original and like its coming from providers you registered the email with for some service or the other, verify first and if you are 99% certain, don't click it. 
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
August 03, 2020, 04:45:23 PM
#4
Also goes to show that PMs sent via bitcointalk shouldn't be considered very private.
A compromise in the account essentially means a compromise in its contents also.

End to end encryption is always best for messages that might be considered sensible.
To compromise a properly stored private key used for end to end encryption would require a full system compromise. Which is arguably harder than hacking a third party provider email address.
member
Activity: 785
Merit: 34
SOL.BIOKRIPT.COM
August 03, 2020, 04:37:10 PM
#3
I believe Newbies really need to see this. When I first noticed the hacking of Bitcointalk account activity some time ago. I just got this instinct of making use of that feature of hiding my email of from the forum which I believe they get into one's Account using that means of email. How wish 2af will be implemented on Bitcointalk.  
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
August 03, 2020, 04:34:22 PM
#2
Yes, the "hide email address from public" flag is on by default (meaning hidden), but I guess people are used to being rather social, and switch it of in many cases (some are business relate, and therefore deliberately conscious). Going through a profile DB I have with 2.481.270 profiles, almost 56k accounts had an associates visible email.

I figure though that BitcoinGirl.Club’s case is not down to the email being visible on the profile (I don’t think it was, and Archieve sites seem to show it as hidden historically, right up to a snapshot from a couple of days ago). It looks more like some malware got installed after following a link.
legendary
Activity: 3556
Merit: 9709
#1 VIP Crypto Casino
August 03, 2020, 03:13:15 PM
#1
**Also posted in Meta but sharing here too. Even if it helps one person it’s worth it**


Please, I can’t stress this enough, please make sure the email address set to your account is private.


You may have seen what happened to BitcoinGirl.Club here - https://bitcointalksearch.org/topic/bitcoingirlclub-email-sent-to-recovery-5266437
This is what I am understanding.

Yesterday evening after the poker game, I was doing my usual work. At some point, I was going to check my sportsbet T-shirt update. I was looking for the email sportsbet sent so that I get the link to fill up the form. I saw three emails. One already read. The two new with the update of they are running out of the t-shirts. So I opened one of the email, checked the link and it was taking too long time to load the page. When it was annoyingly late, I closed the tab but my system seemed unexpectedly slow. It happens sometimes and I usually force close the system and restart. I did the same and then started my usual work. When I wanted to  login in few of my accounts it always asked me for passwords. Nothing flagged me though. I did not had any 2nd thought. When it was late I gone to bed. Today morning when I wanted to login to bitcointalk discovered everything. Before everything else I knew I had to reset my device which I did.

Now I do not have access of the email. All the accounts, exchanges, business, social media, gambling sites everything that had the email are fucked up. I am contacting each of the sites to help me changing the email addresses. I am going through a lot now. In some accounts I have money locked. This will not be a very easy ride for me. Everything fucked!!!

I do not deserve it. Thanks whoever you are.

I believe the hacker discovered his email address simply by clicking on his profile & discovering the email there & the rest is history.

If you haven’t already then follow these steps to make your email address hidden -

- Click Profile at the top of your browser
- Under Modify Profile on the left click Account Related Settings
- Make sure the circled box is ticked (example email address is not mine)



Safe surfing & fuck hackers!
Jump to: