Author

Topic: Received email from account NOT associated with bitcointalk (Read 1043 times)

sr. member
Activity: 434
Merit: 252
If the forum sent you an email, then the email address was associated with a forum account. Maybe you didn't create the account, since the forum doesn't verify email addresses. You can use the forgotten password feature to take over whichever account it's attached to if you want.



Very interesting information......


Thank you Theymos

You could be the new owner of Bitcointalk.org Smiley Or at least a "ghost" account Tongue
hero member
Activity: 812
Merit: 1000
Litecoin Association Director
If the forum sent you an email, then the email address was associated with a forum account. Maybe you didn't create the account, since the forum doesn't verify email addresses. You can use the forgotten password feature to take over whichever account it's attached to if you want.



Very interesting information......


Thank you Theymos
administrator
Activity: 5222
Merit: 13032
If the forum sent you an email, then the email address was associated with a forum account. Maybe you didn't create the account, since the forum doesn't verify email addresses. You can use the forgotten password feature to take over whichever account it's attached to if you want.
hero member
Activity: 812
Merit: 1000
Litecoin Association Director
The email address I received this at has never been associated with Bitcointalk. (Don't know how many times I can repeat this so people stop making assumptions on what im stating. I'm an Admin on Litecointalk so ive been around the block once or twice).

It's very awkward and would like to have an admin address this if possible.
legendary
Activity: 1554
Merit: 1002
The content of the email is the same as the official email from Theymos, and it probably is it. It just seems to have a few extra newlines. After I compared the two messages and removed the extra newlines, it was successfully verified using Theymos's key.
This is the original message that is verified:
Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
 - Email address
 - Password hash
 - Last-used IP address and registration IP address
 - Secret question and a basic (not brute-force-resistant) hash of your
 secret answer
 - Various settings

You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".

If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.

Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.

While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.

I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE-----

hes not asking if it official hes asking why it got sent to an email address thats NOT linked to an account

im pretty sure that even if you change your email address the new and old email addresses are both kept for security (ironic right?) so all email addresses would get the email both old and new. but in theory only current email addresses should be able to change or request a password reset

Are you sure? I would think that the old email address would be discarded to make room in the databases.

pretty sure and it wouldnt take much room in the database (dont think there encrypted) so its just raw text. and i think there kept for account hacking cases. if your accounts been hacked and the hacker changes the email address theymos can then confirm who you are and send the rest stuff to your old email address... i cant say 100% but its the only reason that makes sense
sr. member
Activity: 252
Merit: 250
Go figure! | I'm nearing 1337 posts...
The content of the email is the same as the official email from Theymos, and it probably is it. It just seems to have a few extra newlines. After I compared the two messages and removed the extra newlines, it was successfully verified using Theymos's key.
This is the original message that is verified:
Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
 - Email address
 - Password hash
 - Last-used IP address and registration IP address
 - Secret question and a basic (not brute-force-resistant) hash of your
 secret answer
 - Various settings

You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".

If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.

Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.

While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.

I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE-----

hes not asking if it official hes asking why it got sent to an email address thats NOT linked to an account

im pretty sure that even if you change your email address the new and old email addresses are both kept for security (ironic right?) so all email addresses would get the email both old and new. but in theory only current email addresses should be able to change or request a password reset

Are you sure? I would think that the old email address would be discarded to make room in the databases.
legendary
Activity: 1554
Merit: 1002
The content of the email is the same as the official email from Theymos, and it probably is it. It just seems to have a few extra newlines. After I compared the two messages and removed the extra newlines, it was successfully verified using Theymos's key.
This is the original message that is verified:
Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
 - Email address
 - Password hash
 - Last-used IP address and registration IP address
 - Secret question and a basic (not brute-force-resistant) hash of your
 secret answer
 - Various settings

You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".

If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.

Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.

While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.

I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE-----

hes not asking if it official hes asking why it got sent to an email address thats NOT linked to an account

im pretty sure that even if you change your email address the new and old email addresses are both kept for security (ironic right?) so all email addresses would get the email both old and new. but in theory only current email addresses should be able to change or request a password reset
sr. member
Activity: 268
Merit: 258
The content of the email is the same as the official email from Theymos, and it probably is it. It just seems to have a few extra newlines. After I compared the two messages and removed the extra newlines, it was successfully verified using Theymos's key.
This is the original message that is verified:
Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
 - Email address
 - Password hash
 - Last-used IP address and registration IP address
 - Secret question and a basic (not brute-force-resistant) hash of your
 secret answer
 - Various settings

You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".

If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.

Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.

While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.

I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE-----
legendary
Activity: 1554
Merit: 1002
I got the same one. Doesn't worry me too much who sent it, since there's no links....

That makes no sense, did they (perhaps) forget to insert the phishing links?

Hes probably just talking about the genuine email theymos sent out about the hack.


I am not, please re-read the first sentence


Quote
I got this in an email address not associated with Bitcointalk.

did you try using search. think you can search users by email address

**never mind its been disabled. google it xd google knows all
hero member
Activity: 812
Merit: 1000
Litecoin Association Director
I got the same one. Doesn't worry me too much who sent it, since there's no links....

That makes no sense, did they (perhaps) forget to insert the phishing links?

Hes probably just talking about the genuine email theymos sent out about the hack.


I am not, please re-read the first sentence


Quote
I got this in an email address not associated with Bitcointalk.
sr. member
Activity: 366
Merit: 250
I got the same one. Doesn't worry me too much who sent it, since there's no links....

That makes no sense, did they (perhaps) forget to insert the phishing links?

Hes probably just talking about the genuine email theymos sent out about the hack.
legendary
Activity: 1414
Merit: 1077
I had the same email on Sunday to the email address associated with this forum it says from [email protected] so assumed it was a service message sent from the forum to inform everyone about recent issues.

Also there were are no links to click so would presume it's safe.
member
Activity: 60
Merit: 10
Even I have received the same kind of mail today, the suspicious part was the link embedded in the email which would take you to http bitcointalk.org site wherein our forum is ssl secured and hence has a https

Just posted the details here https://bitcointalk.org/index.php?topic=1070165.new#new
full member
Activity: 129
Merit: 119
Could be suspicious.
It comes from:
198.251.81.170

which have a reverse of:
node-198-251-81-170.reverse.x4b.me

However, noticed that bitcointalk.org does resove to 198.251.81.170 too.
This could mean that the attacker still have Control of the server (?)

Perhaps he installed a backdoor... And he want everyone to change passwords, so they Think they're safe now, but he simply capture the new passwords.
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
I got the same one. Doesn't worry me too much who sent it, since there's no links....

That makes no sense, did they (perhaps) forget to insert the phishing links?
newbie
Activity: 1
Merit: 0
I got the same one. Doesn't worry me too much who sent it, since there's no links and it's a plain text message - it's also the first time I've been here in 2 years and found that I needed to change the password.

Also I tried to delete the account but it's not possible without finding a mod Sad
full member
Activity: 129
Merit: 119
I got it too.
Contains some invalid PGP sig... And is sent from a server that apparently does not have any Connection with bitcointalk (?)
hero member
Activity: 812
Merit: 1000
Litecoin Association Director
I got this in an email address not associated with Bitcointalk. Not sure what this means (getting an email from here on an email address not associated with these forums).

Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

You are receiving this message because your email address is associated
with an account on bitcointalk.org
. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org
server. The following
information about your account was likely leaked:
 - Email address
 - Password hash
 - Last-used IP address and registration IP address
 - Secret question and a basic (not brute-force-resistant) hash of your
 secret answer
 - Various settings

You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".

If you used the same password on bitcointalk.org
as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.

Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.

While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.

I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE-----
Jump to: