Someone hacked into bitcointalk.org and got email addresses

AGD

legendary

Activity: 2070

Merit: 1164

Keeper of the Private Key

Quote from: Lauda on May 02, 2017, 02:13:44 PM

This seems to be a duplicate of my own thread, but I'll answer nevertheless: https://bitcointalksearch.org/topic/new-wave-of-phishing-emails-1898046

Quote from: AGD on May 02, 2017, 01:13:04 PM

The docx file was encrypted to avoid recognition on Virustotal etc. DON'T DECRYPT IT WITH THE GIVEN PASSWORD!!!

This is a new attack!

According to some sources (I can't vouch for this claim), the file is full of VB scripts.

Most likely VB, yes. First I thought OP was a new user because of the low post count. Didn't see, that he had registered already in 2013.
If there are new users (after the 2015 hack) affected it would point to a new database hack, but so far it looks like they used the old database.

Title of the thread should be changed as long as there is no proof of a new hack.

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

This seems to be a duplicate of my own thread, but I'll answer nevertheless: https://bitcointalksearch.org/topic/new-wave-of-phishing-emails-1898046

Quote from: AGD on May 02, 2017, 01:13:04 PM

The docx file was encrypted to avoid recognition on Virustotal etc. DON'T DECRYPT IT WITH THE GIVEN PASSWORD!!!

This is a new attack!

According to some sources (I can't vouch for this claim), the file is full of Visual Basic scripts. I wouldn't download it, yet alone try running it.

mindrust

legendary

Activity: 3276

Merit: 2442

I also got this email few hours ago. Deleted immediately like it was cancer. (it was Cool

) At first i thought it was btc-e but then i realized i use the same address both btc-e and here. (i know its stupid, but don't worry i got my 2FA on always with exchanges)

No need to say that you shouldn't click on that word file, or else you'll get fucked big time. My sender's name was "Bell Mark". I guess it is random for everyone.

Zepher

copper member

Activity: 686

Merit: 603

Electricity is really just organized lightning

Quote from: Joel_Jantsen on May 02, 2017, 12:34:42 PM

Did you download the attachment ? The attachment probably came with a key logger or another bitcoin stealing malware.Your anti-virus should have detected it if the hacker isn't using a Cryptolocker.Report such mails as phishing to your mail providers asap.Please host the doc file over a server if possible,I may run it virtually and see where it leads.

I posted the email I received in the other thread by Lauda

If you send me an email of yours by Privnote, I'll forward you the email with attachment if you wish. You can then do some analysis on it.

AGD

legendary

Activity: 2070

Merit: 1164

Keeper of the Private Key

The docx file was encrypted to avoid recognition on Virustotal etc. DON'T DECRYPT IT WITH THE GIVEN PASSWORD!!!

This is a new attack!

Joel_Jantsen

legendary

Activity: 1988

Merit: 1317

Get your game girl

Quote from: bctjim on May 02, 2017, 11:04:01 AM

--snipe--

Did you download the attachment ? The attachment probably came with a key logger or another bitcoin stealing malware.Your anti-virus should have detected it if the hacker isn't using a Cryptolocker.Report such mails as phishing to your mail providers asap.Please host the doc file over a server if possible,I may run it virtually and see where it leads.

ibminer

legendary

Activity: 1789

Merit: 2535

Goonies never say die.

Wouldn't this just be from the prior database hack, nothing new, just someone trying to use the data... I never put any real e-mail into BTCTalk until somewhat recently - maybe sometime in Jan/Feb this year, I did so to try and conform to the new forum but my e-mail was never in the database that was hacked, and I have not received this phishing e-mail that everyone else seems to be getting. I feel a little left out Angry

AGD

legendary

Activity: 2070

Merit: 1164

Keeper of the Private Key

@BurtW

Looks like this is something new, because some newer accounts are recieving this phishing mail too.

European Central Bank

legendary

Activity: 1288

Merit: 1087

yep me too. plus an email that was previously used here i think. i've never used it on any other crypto related site other than here.

chronicsky

legendary

Activity: 2828

Merit: 1222

Just looking for peace

i got the same email stating to activate it in 3 hours

bctjim

newbie

Activity: 13

Merit: 0

Yes I used to use mt gox, but i don't use bctjim name there -- so they've gotten the email from here.

FYI, using any common open source software is a huge security risk, so use different email/password for every site everyone!

(reported email as phishing)

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

What about Mt. Gox? I see you used it. Did you use the email address there also? That is likely. Also, yes, this web site was hacked a long time ago and all the email addresses were taken. So yes, that was a phishing email. Obviously do not open the attachment.

bctjim

newbie

Activity: 13

Merit: 0

Got a weird email saying this with a word doc attachment:

(this is the only site I have this username: bctjim)

---------- Forwarded message ----------
From: Hunter Myra <[email protected]>
Date: Tue, May 2, 2017 at 6:28 AM
Subject: BTC-e codes for bctjim
To: #######@######.com

Good day bctjim.

Please find your BTC-e codes.

You need to activate them within 5 days.

Pass is 0nQ3sCJba
You have to paste it to be able to view the document.

Best regards
Hunter Myra

Topic: Someone hacked into bitcointalk.org and got email addresses (Read 687 times)