Topic: Some mo-fo is tryin' to hack my ass. (Read 566 times)

Yeah, there are so many free e-mail providers that all you really need is some time and patience to create a bunch of throwaway ones for use in different situations where the other party (like this forum) doesn't absolutely need to know your e-mail addy or don't make it optional to give it out for whatever security functions they have.

Who knows what clown tried to hack my account and for what purpose?  It could have been anyone for any reason, though I'm still puzzled as to why that clown chose me since I'm just an average guy on bitcointalk with the exception of having a high rank.  Weird.

OK, I think this thread has served its purpose and I'm going to lock it up now.  Thanks to y'all for lending me your ears.

I've used forum account email on various services before, but with your incident I'm starting to worry that my email might leak. Frankly I've blocked most email from services I never even knew about, it's probably true that I should consider replacing them sometime in the future because the more spam emails that come in, the more likely this email is to leak to multiple parties.

The Pharmacist, I hope you can be more careful with the people around you because who knows they will stalk you from a distance. Lol
But I'm sure, your reputation can't be matched by any user so even if the hack is successful, forum members will recognize it and will lock it in a cage.

No I am not but I have a very strong password generated using password generator which is saved in a txt file. I have backup of the text file since there are no way for me to remember the password. It's too hard. Not bothered to have 2fa enable. This could be an extra layer of security though.

If the original owner can prove it using the bitcoin address he used in past then it does not take long to recover the account. Once it is recovered then everyone removes their red paints. That's what I had when I lost my account and got back after contacting the recovery team.

Are you using something like 2fa or google authenticator to secure your e-mail?


A change bitcoin address will be immediately noticed and aroused suspicion. Let's say the hacker even manages to do this and get the reward for the past week on your signature campaign. But as usual, users of stolen accounts immediately report it on bitcointalk, and in combination with the changed bitcoin address, this doesn't leave the hacker with a great chance of further use of the stolen account. Subsequently, the account will be returned to the owner or painted red for theft, which makes the account almost useless.

A** holes 🤣
To be honest after the hack I have changed my email address and this email address has been never used to any other service. If any day I receive any such email then it will be confirmed that bitcointalk data has been leaked. So f*** off fuckers. You catch me, I alert the entire forum 😉

It seems this hack attempts is whats making the rounds at the moment on the forum. One needs to be very careful on all fronts these days from being aware of the activities that goes on in there mails and the series of unsolicited pm especially, one that bares links and requires some feedback.
On the email, I think this quote from a while ago agrees just fine with your choice on what email to be linked with my account on forum.
Play safe by protecting your official email that is affiliated with your life's worth and documents by keeping it put of harms way and still, get to protect your account on a yt active mail where your sure to be cautious on dealing.


Yeah, they possibly shouldn't know and have limited options to come up with an email address to brute force except, you had deals that ought to have led to email exposure and that's a risk for sure.
This gives me the idea that, one has got to own probably a separate mail address for working deals from the forum/Web at large.

This stresses on why the forums default system works or activates hidden emails and these should serve as caution to those whom have left there's exposed.



Lol,,, apparently its a way to go to prevent the account from causing any damage before a possible recovery! Althogh, its some risk still as, some DT might neg tag and no longer be active on the forum. This would make permanent the tag although, the a reference to the case and further positive tags after recovery would cast a shadow on it.

I really hope this doesn't turn out to be the case for you @The Pharmacist.

Yeah, to think of it. Account changing hands often lives a trace to follow. Like;
* Change of mail address
* Password reset via email
* Post quality decline
* Frequented board to make comments
* Local Board participation
Etc...

It's disgusting how these guys feel the need to be reputable or own a ranked up account and don't see the need to work for it. Safe means only guys and don't let your rep be messed u by these cunts.

Waitaminute.  I admit I haven't read this entire thread, but my understanding of the situation is that someone simply tried a few times to log into my account, but that doesn't mean they know my forum e-mail address (unless they saw when I absentmindedly posted a screenshot of my profile in a post a while back).  And if they did see that post, they sure as hell waited a long time to get to the haxxoring.

Ain't got none of those 'cept my right hand I call Daisy and whoever it is that's behind all the voices in my head.

Its not just forum but anything youve exposed your email with is gonna be swarming with emailed about changing your password or updating any information now.

My airdrop email has too many change password attempt and phishing links. As expected as it dumps online through different drops.

Maybe one of your friends before are trying to phish you now. Wondering even they managed to got hack an account. Forum will be notified of changes, and how does they think they can earn money from it unless they can profesionally imitate the user writing habits. A typical hacker usually change password and every information so if this does happened then will have a clue that The Pharmacist has now a second user. Also if he tried to request a bitcoin address change on your signature campaign.

xkcd 2176, “How Hacking Works”.  This made an appearance in some places, when the xkcd forums were pwned.


You’re welcome.  HTH.

Have I Been Pwned? is sufficiently “notable” to have a Wikipedia page:

https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F

It is also a popular tag on security.SE.

HIBP simply offers you a way to check if your data are already floating around in an underground world that most people don’t know exists.  Sites get compromised every day.  Blackhats sometimes offer the information for sale, or just share it for the lulz.  To the public, ignorance is bliss—until they personally suffer from criminal usages of their information.

Sometimes, HIBP has “interesting” challenges.  See how its operator, Troy Hunt, decided to handle the mess when Ashley Madison and Adult Friend Finder (see updates at the bottom) were hacked:

https://www.troyhunt.com/heres-how-im-going-to-handle-ashley/



Most people do not understand why I am so strict about security and privacy.  They are naïve.

For the record, I wrote that for a reason--the guy who owns that gas station is from Bangladesh and I'm pretty sure he can see my wi-fi signal from across the street (not that that has anything to do with this, but my brain is scrambled).  I might have even asked him if he knew about bitcoin before.  Again, no relevance.

Nullius, I actually read your post and I thank you for posting that.  I never visited that pwned site, but I'mma check it out soon as I down my last 40 ounce, know what I'm sayin'?  Been a rough week.

xkcd 1121, “Identity”.

Relevant recent discussion elsewhere:

---

Check if known database compromises could be used to exploit your information from one site to gain access to your accounts at another site:  haveibeenpwned.com.  Most importantly, never use the same password at two different sites—never.  Use a secure password manager, and a different long, random password for each site.

Users who value their accounts should be able to disable all automated account recovery mechanisms (other than some hypothetical mechanism that uses strong cryptography; that would be great!).  These “recovery” mechanisms are per-account backdoors.  They are well-known attack surfaces, which have been very frequently exploited for years—sometimes in high-profile cases that make the news.


Tor can be checked.  I had to guess the date for “less than a week” before 2022-07-07.

http://hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid.onion/exonerator.html?ip=119.30.39.74×tamp=2022-07-01&lang=en
Clearnet site for those not using Tor: https://metrics.torproject.org/exonerator.html


P.S., pet peeve:

We don't really know where the real culprit is, but surely the IP he's using has put you and some others there to shame. The hacker knows how he has to hide, and they may use a VPN or TOR to carry out his actions.

For now I haven't thought about changing the account password and e-mail, but as I said before, I'm definitely going to be very wary now.

---

No idea, but surely they hate you so much that you are ignored.

I did not receive PM from newalias, I did not receive any password reset email, all these means that I am a boring user 🤣. I feel left out now. Is it bad or good? 😉

I have gone through the worst. Motherfucker hacked my account but it was theymos and the recovery team who were really helpful to recovered my account. They were unexpectedly quick. There were times when you had to wait months even years to get back the accounts.

I'll tell you Mr TP, you're unique with all of your writings, your grammar and higher vocabularies used, as ion think anyone can match your writings. ( No kidding )  How well you talk about the past DT system's, merit system,bounty hunting and cheating.

 A change would be very easy for anyone to notice. But, further more, reconsider changing your pass to your mail. Maybe, more harder to crack! Hopefully all be sorted out. Safe!

You should do well to front the dude at the gas station if you think he has something to do with it.

found this thread and wanted to add 2 cents as I think someone is trying to hack anyone they can with good credit merit trust etc.

Wow , It's seems nearest me. When did the people here become such big hackers? Lol
Location in Bhuapur, Bhuapur sub-district, Tangail district, Dhaka division.
It's a shame to see all this.

Looks like the same thing happened to me in less than a week. I get e-mail about resetting password while I never did. The e-mail took me by surprise and suddenly I had to urgently see if I could access the account but luckily because till now my account is still safe without any changes. For now I ignore the e-mail and everything is still fine. But I really have to stay alert for the worst.

In the meantime I did a little search about the IP location listed in the e-mail, here are the findings. The Pharmacist, let me know if you find a location similar to this about that person. He's probably the same guy who also tried to hack my ass. LOL

That person might just be trying his luck, but he forgot that it was a wasted effort. The Pharmacist, I experienced the same thing last February and I think there are many other users who experience the same thing. But in my opinion it's never too dangerous especially if the hacker doesn't know your email.

Attempted account hacking via forgot account password

Damn, it's already at a severe stage I guess.  

This is interesting. I have the same problem to deal with. I am a very private person. I wondered how someone else could get access to my number. Well, I am aware of the fact that even mobile sell data. So, blame on me, right? Saying A, doing B, and thinking C, just is ridiculous. I shouldn't be wondering. But still, I was quite surprised.

I think the ones trying to do that are just amateurs playing around. But you need to be careful too. maybe this time he failed. but we don't know what it will do when it wants to hack you again. because if someone seriously wants to hack your account. then the person will not stop with just one to ten failures. he will continue to find a way. in a classic way like sending a link or something like that or in a more modern way. being careful and making anticipation is better than being late. But of course we hope that it's just a prankster and not really not serious about hacking you.