Topic: Some mo-fo is tryin' to hack my ass. (Read 566 times)

Yeah, there are so many free e-mail providers that all you really need is some time and patience to create a bunch of throwaway ones for use in different situations where the other party (like this forum) doesn't absolutely need to know your e-mail addy or don't make it optional to give it out for whatever security functions they have.

Who knows what clown tried to hack my account and for what purpose?  It could have been anyone for any reason, though I'm still puzzled as to why that clown chose me since I'm just an average guy on bitcointalk with the exception of having a high rank.  Weird.

OK, I think this thread has served its purpose and I'm going to lock it up now.  Thanks to y'all for lending me your ears.

I've used forum account email on various services before, but with your incident I'm starting to worry that my email might leak. Frankly I've blocked most email from services I never even knew about, it's probably true that I should consider replacing them sometime in the future because the more spam emails that come in, the more likely this email is to leak to multiple parties.

The Pharmacist, I hope you can be more careful with the people around you because who knows they will stalk you from a distance. Lol
But I'm sure, your reputation can't be matched by any user so even if the hack is successful, forum members will recognize it and will lock it in a cage.

No I am not but I have a very strong password generated using password generator which is saved in a txt file. I have backup of the text file since there are no way for me to remember the password. It's too hard. Not bothered to have 2fa enable. This could be an extra layer of security though.

If the original owner can prove it using the bitcoin address he used in past then it does not take long to recover the account. Once it is recovered then everyone removes their red paints. That's what I had when I lost my account and got back after contacting the recovery team.

Are you using something like 2fa or google authenticator to secure your e-mail?


A change bitcoin address will be immediately noticed and aroused suspicion. Let's say the hacker even manages to do this and get the reward for the past week on your signature campaign. But as usual, users of stolen accounts immediately report it on bitcointalk, and in combination with the changed bitcoin address, this doesn't leave the hacker with a great chance of further use of the stolen account. Subsequently, the account will be returned to the owner or painted red for theft, which makes the account almost useless.

A** holes 🤣
To be honest after the hack I have changed my email address and this email address has been never used to any other service. If any day I receive any such email then it will be confirmed that bitcointalk data has been leaked. So f*** off fuckers. You catch me, I alert the entire forum 😉

It seems this hack attempts is whats making the rounds at the moment on the forum. One needs to be very careful on all fronts these days from being aware of the activities that goes on in there mails and the series of unsolicited pm especially, one that bares links and requires some feedback.
On the email, I think this quote from a while ago agrees just fine with your choice on what email to be linked with my account on forum.
Play safe by protecting your official email that is affiliated with your life's worth and documents by keeping it put of harms way and still, get to protect your account on a yt active mail where your sure to be cautious on dealing.


Yeah, they possibly shouldn't know and have limited options to come up with an email address to brute force except, you had deals that ought to have led to email exposure and that's a risk for sure.
This gives me the idea that, one has got to own probably a separate mail address for working deals from the forum/Web at large.

This stresses on why the forums default system works or activates hidden emails and these should serve as caution to those whom have left there's exposed.



Lol,,, apparently its a way to go to prevent the account from causing any damage before a possible recovery! Althogh, its some risk still as, some DT might neg tag and no longer be active on the forum. This would make permanent the tag although, the a reference to the case and further positive tags after recovery would cast a shadow on it.

I really hope this doesn't turn out to be the case for you @The Pharmacist.

Yeah, to think of it. Account changing hands often lives a trace to follow. Like;
* Change of mail address
* Password reset via email
* Post quality decline
* Frequented board to make comments
* Local Board participation
Etc...

It's disgusting how these guys feel the need to be reputable or own a ranked up account and don't see the need to work for it. Safe means only guys and don't let your rep be messed u by these cunts.

Waitaminute.  I admit I haven't read this entire thread, but my understanding of the situation is that someone simply tried a few times to log into my account, but that doesn't mean they know my forum e-mail address (unless they saw when I absentmindedly posted a screenshot of my profile in a post a while back).  And if they did see that post, they sure as hell waited a long time to get to the haxxoring.

Ain't got none of those 'cept my right hand I call Daisy and whoever it is that's behind all the voices in my head.

Its not just forum but anything youve exposed your email with is gonna be swarming with emailed about changing your password or updating any information now.

My airdrop email has too many change password attempt and phishing links. As expected as it dumps online through different drops.

Maybe one of your friends before are trying to phish you now. Wondering even they managed to got hack an account. Forum will be notified of changes, and how does they think they can earn money from it unless they can profesionally imitate the user writing habits. A typical hacker usually change password and every information so if this does happened then will have a clue that The Pharmacist has now a second user. Also if he tried to request a bitcoin address change on your signature campaign.

xkcd 2176, “How Hacking Works”.  This made an appearance in some places, when the xkcd forums were pwned.


You’re welcome.  HTH.

Have I Been Pwned? is sufficiently “notable” to have a Wikipedia page:

https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F

It is also a popular tag on security.SE.

HIBP simply offers you a way to check if your data are already floating around in an underground world that most people don’t know exists.  Sites get compromised every day.  Blackhats sometimes offer the information for sale, or just share it for the lulz.  To the public, ignorance is bliss—until they personally suffer from criminal usages of their information.

Sometimes, HIBP has “interesting” challenges.  See how its operator, Troy Hunt, decided to handle the mess when Ashley Madison and Adult Friend Finder (see updates at the bottom) were hacked:

https://www.troyhunt.com/heres-how-im-going-to-handle-ashley/



Most people do not understand why I am so strict about security and privacy.  They are naïve.

For the record, I wrote that for a reason--the guy who owns that gas station is from Bangladesh and I'm pretty sure he can see my wi-fi signal from across the street (not that that has anything to do with this, but my brain is scrambled).  I might have even asked him if he knew about bitcoin before.  Again, no relevance.

Nullius, I actually read your post and I thank you for posting that.  I never visited that pwned site, but I'mma check it out soon as I down my last 40 ounce, know what I'm sayin'?  Been a rough week.

xkcd 1121, “Identity”.

Relevant recent discussion elsewhere:

---

Check if known database compromises could be used to exploit your information from one site to gain access to your accounts at another site:  haveibeenpwned.com.  Most importantly, never use the same password at two different sites—never.  Use a secure password manager, and a different long, random password for each site.

Users who value their accounts should be able to disable all automated account recovery mechanisms (other than some hypothetical mechanism that uses strong cryptography; that would be great!).  These “recovery” mechanisms are per-account backdoors.  They are well-known attack surfaces, which have been very frequently exploited for years—sometimes in high-profile cases that make the news.


Tor can be checked.  I had to guess the date for “less than a week” before 2022-07-07.

http://hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid.onion/exonerator.html?ip=119.30.39.74×tamp=2022-07-01&lang=en
Clearnet site for those not using Tor: https://metrics.torproject.org/exonerator.html


P.S., pet peeve:

We don't really know where the real culprit is, but surely the IP he's using has put you and some others there to shame. The hacker knows how he has to hide, and they may use a VPN or TOR to carry out his actions.

For now I haven't thought about changing the account password and e-mail, but as I said before, I'm definitely going to be very wary now.

---

No idea, but surely they hate you so much that you are ignored.

I did not receive PM from newalias, I did not receive any password reset email, all these means that I am a boring user 🤣. I feel left out now. Is it bad or good? 😉

I have gone through the worst. Motherfucker hacked my account but it was theymos and the recovery team who were really helpful to recovered my account. They were unexpectedly quick. There were times when you had to wait months even years to get back the accounts.

I'll tell you Mr TP, you're unique with all of your writings, your grammar and higher vocabularies used, as ion think anyone can match your writings. ( No kidding )  How well you talk about the past DT system's, merit system,bounty hunting and cheating.

 A change would be very easy for anyone to notice. But, further more, reconsider changing your pass to your mail. Maybe, more harder to crack! Hopefully all be sorted out. Safe!

You should do well to front the dude at the gas station if you think he has something to do with it.

found this thread and wanted to add 2 cents as I think someone is trying to hack anyone they can with good credit merit trust etc.

Wow , It's seems nearest me. When did the people here become such big hackers? Lol
Location in Bhuapur, Bhuapur sub-district, Tangail district, Dhaka division.
It's a shame to see all this.

Looks like the same thing happened to me in less than a week. I get e-mail about resetting password while I never did. The e-mail took me by surprise and suddenly I had to urgently see if I could access the account but luckily because till now my account is still safe without any changes. For now I ignore the e-mail and everything is still fine. But I really have to stay alert for the worst.

In the meantime I did a little search about the IP location listed in the e-mail, here are the findings. The Pharmacist, let me know if you find a location similar to this about that person. He's probably the same guy who also tried to hack my ass. LOL

That person might just be trying his luck, but he forgot that it was a wasted effort. The Pharmacist, I experienced the same thing last February and I think there are many other users who experience the same thing. But in my opinion it's never too dangerous especially if the hacker doesn't know your email.

Attempted account hacking via forgot account password

Damn, it's already at a severe stage I guess.  

This is interesting. I have the same problem to deal with. I am a very private person. I wondered how someone else could get access to my number. Well, I am aware of the fact that even mobile sell data. So, blame on me, right? Saying A, doing B, and thinking C, just is ridiculous. I shouldn't be wondering. But still, I was quite surprised.

I think the ones trying to do that are just amateurs playing around. But you need to be careful too. maybe this time he failed. but we don't know what it will do when it wants to hack you again. because if someone seriously wants to hack your account. then the person will not stop with just one to ten failures. he will continue to find a way. in a classic way like sending a link or something like that or in a more modern way. being careful and making anticipation is better than being late. But of course we hope that it's just a prankster and not really not serious about hacking you.

Yeah, I got my PM, posted in that thread, came back to this thread and you just turned me around like 720 degrees.  My head's a-spinning.  Lol.

My e-mail provider linked to his IP address, which I looked up.  It said it was a VPN, and whoever this rubberdick is used Bangladesh as the location.  Man, I hope it's not the gas station guy across the street from me.  That's not paranoid, is it?

Message received.

Man, my e-mail password for that throwaway account is so strong, it'd take an Avogadro's number of cryptographers a million lifetimes to crack it.  And then even if they hit the lottery they'd be left with a bunch of spam, because that's all that e-mail account receives.  But thanks for the advice anywho.

Damn right regardless of where you're at--I'm a nobody with nothing to my name, and who the hell would want to pick my account to hack?  I haven't pissed anybody off lately that I know of.  Maybe Big Brother Biden finally formed a crypto goon squad that's infiltrated bitcointalk and has started with retards like me.  That would actually make sense, given that it's Biden we're talking about.  Goddamn Weekend at Bernie's president with the real power having their arms up his sphincter to prop him up and get him to the church on time, if you know what I'm saying.

I don't even know what I'm saying.  Can't fuckin' sleep again.

Jayyyzus H Christ, some of you have memories like steel traps when it comes to little details like that post of mine.  I even forgot about that one, but you're probably right (although that was quite some time ago).  In any case, I did change my login details following that snafu.  And you're correct, that e-mail address you showed a pic of is definitely not mine.  Nor am I Italian or that old or that grey, though two of those three things are coming soon.

Funny you should take that poke at my teacup-sized memory.  My last staked address is from an Electrum wallet that I created especially for signing messages should I have to here, and I do have the seed phrase tattooed on the inside of my butt crack.  Nobody is ever going to find it there.

Its no secret bitcointalk was hacked multiple times and email addresses got leaked. Even I registered this kind of attack on my account dedicated to bitcointalk one week ago and I guess alot of other users were affected, too. It was only a matter of time untill we see a wide spread attack like this happens to related users/email accounts.

Unfortunately this. Default opsec like having strong and unique passwords for every service you use, two factor when possible like you stated and you should already be fine.

If someone goes full paranoid mode now, may the thread Stake your Bitcoin address here https://bitcointalksearch.org/topic/stake-your-bitcoin-address-here-996318 is usefull to have a plan B for worst case scenario.

This type of thing happens a lot, if you're a user with a little bit of a reputation, regardless where you're at, then you'll likely see this. I've had business accounts which were particularly valuable in the past on other websites, and they literally non stop, every day, sometimes all day get password resets.

It's why some websites only allow a certain amount of requests, but that might then mean the legitimate user not being able to do it, because others have done it before them, and continue to do so.

These are usually very low, speculative malicious users though. So, can usually be safely ignored. As long as you have your credentials, and accounts secured, and ideally some sort of two factor authentication. You should be alright.

Had the same thing late July 1st and into July 2nd. 2 emails from someone trying to get into my account. I think whomever it is is probably trying it on multiple users and hoping they get lucky. It's like they think we are stupid and have simple passwords.

Maybe, I think your guess is right, maybe someone is trying to get into your account, via Email as I saw in the past.


They might try to tamper with the above email to get into your account, Looks like the hacker has failed, because it's not your real email.

---

Or maybe it's your fault, as you post below, in the past.


Who knows the phishing site is trying to take advantage of the email and password you registered at that time, now they are just trying to enter, Topic: The .com forum.

in cases like this, it seems you have to remember the words that are often said by: TMAN.

Even if the person just knows your e-mail, they can't get into your account, the person must have to compromise your email so when the "reset password" message is sent to the email they can reset the password. Using the "forgot password" function when you have not taken custody of the email is a waste of time. I feel this is not a serious hack attempt, maybe somebody is just playing around.
Not too frightening The Pharmacist, if you still have the e-mails, confirm that they have not been compromised and change their passwords if possible, if they are toss-out e-mails you have no more and is not connected to you in any manner, you can forget about it. I still feel someone is just playing around, though do some security necessities.
unlikely to happen. You will get your account back fast if it happens though because of your reputation.

Just tried luck.
I don't really remember the account self-recovery method as I forgot when I last touched “forgot password”, maybe he thought there would be some method like social media accounts in general.

Of course, especially when it comes to spending smerit to bounties shitposter.
I hope you haven't forgotten where you put your staked address.

I don't know if it has anything to do with it but take a look at this thread:

weird pm received

In this case he talks about PM in the forum. It may have nothing to do with it or if it has something to do it will be some amateurs trying to hack forum members accounts in DT with great reputation.

Send the big man a PM with the time stamps of the emails, he might have the IP of the culprit.  Of course it could just be a tor exit node or whatever, but it could be not.



Um, no comment, but that's off topic. 



Sounds that way to me.



You should change all the passwords on those email accounts, pronto.  If they've been compromised you may not know unless the culprit sent an email.  Or changed the password. 



Honestly, it sounds like an amateur attempt.  Still you may want to assess the strength of the passwords for your forum account and the affiliated email account, and take action if needed.

The e-mail account I use on this forum I generally don't use for much else, but I happened to check it just a little while ago and got three e-mails from bitcointalk stating that someone had used the "forgot password" function for my account, and all three attempts were over the course of about an hour.

I'm not crazy, right?  That means someone is trying to get into my account, right?  What I don't understand is why that person would try to do that if they don't know what my e-mail is.

And after giving it a little thought, I have exposed a few e-mail addresses to members of the forum in the past, whether through deals or by becoming acquaintances with those members.  I'm wondering if one of those people thought I used whatever e-mail they had as my forum e-mail....and that's a frightening thought.

So if you should happen to see my account start posting in the Russian section or if my English deteriorates to brain-vegetable bounty hunter quality, just know that I got hacked and neg my account to high hell until I get it back. 

This is the first time something like this has happened to me since I've been a member.  Yikes.