Author

Topic: Server Compromised? (Read 1035 times)

hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
May 25, 2015, 11:11:28 AM
#5
A new thread wasn't necessary, IMHO. https://bitcointalk.org/index.php?topic=1067985.0;all
vip
Activity: 448
Merit: 252
May 25, 2015, 11:08:53 AM
#4
Yes looks like the forum was hacked again. Nice excuse to come back for a short visit anyway.
newbie
Activity: 23
Merit: 0
May 25, 2015, 11:06:15 AM
#3
It's true. Forum was down for a few days. Check Meta for more details.
member
Activity: 198
Merit: 10
May 25, 2015, 11:04:41 AM
#2
.............. Huh Huh
vip
Activity: 490
Merit: 271
May 25, 2015, 11:03:32 AM
#1
Just received this:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

You are receiving this message because your email address is associated
with an account on bitcointalk.org. I regret to have to inform you that
some information about your account was obtained by an attacker who
successfully compromised the bitcointalk.org server. The following
information about your account was likely leaked:
- Email address
- Password hash
- Last-used IP address and registration IP address
- Secret question and a basic (not brute-force-resistant) hash of your
secret answer
- Various settings

You should immediately change your forum password and delete or change
your secret question. To do this, log into the forum, click "profile",
and then go to "account related settings".

If you used the same password on bitcointalk.org as on other sites, then
you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the
attacker now knows the answer to your secret question.

Your password was salted and hashed using sha256crypt with 7500 rounds.
This will slow down anyone trying to recover your password, but it will
not completely prevent it unless your password was extremely strong.

While nothing can ever be ruled out in these sorts of situations, I do
not believe that the attacker was able to collect any forum personal
messages.

I apologize for the inconvenience and for any trouble that this may cause.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlVhiGIACgkQxlVWk9q1keeUmgEAhGi8pTghxISo1feeXkUMhW3a
uKxLeOOkTQR5Zh7aGKoBAMEvYsGEBGt3hzInIh+k43XJjGYywSiPAal1KI7Arfs0
=bvuI
-----END PGP SIGNATURE-----


If true, a prompt to change password on log on should be instituted. P.S. Haven't checked signature.
Jump to: