Author

Topic: Someone hacked my 2013 account, anyway to get it back? (Read 681 times)

member
Activity: 420
Merit: 12
Globe-dex.com
I was on here a lot way back when, I stopped using it for while, went to log in and found my password didn't work, and when I tried a reset it didn't go to my email. Anyway it can be returned to the original email address? I'm guessing not, but thought it was worth asking, especially because I figure the only reason for people to still an old account on a board like this is to use to scam people.

Please always try to cross check your sentence before posting for a better understanding of what you are saying tho I get what you mean but look at your error here:
Quote
because I figure the only reason for people to still an old account on a board like this is to use to scam people.

I believe you were to say STEAL so correct it. 👍
full member
Activity: 1022
Merit: 133
You just got your legacy back! Congratulations! Glad for ya! Having a senior member account back is like getting back a lost diamond! Welcome back Room101, hope you will enjoy your stay here after such long time Wink
legendary
Activity: 1652
Merit: 4392
Be a bank
Snooped a bit Grin. Nice to have you back! Good posts so far, thank you. Get a hat? ask in WO or pm xhomerx10 with a picture to be made into one.
legendary
Activity: 2436
Merit: 1104
Welcome back Room101!

Thanks!

Can anyone tell me the best place to post an un-editable address, so if this happens again, and next time the thief is smart enough to delete the one address I had posted, I can get it back? Much longer password this time, so should be harder to get my password if the forum is hacked again, but better safe than sorry!

Congrats on getting your account back!

you can just post a signed message on Stake your Bitcoin address here and ask someone to quote and verify your address. that's the easiest way I know and you can archive the post you made on that thread for extra precaution.
staff
Activity: 2548
Merit: 2709
Join the world-leading crypto sportsbook NOW!
It's mine again Smiley Thanks again everyone, I appreciate it Smiley

Congratulations on getting your account back.
Now there are only two things that are urgent.

Get the negative rating removed and post this screenshot:

here -> Save your nice merit records, here Grin
sr. member
Activity: 541
Merit: 362
Rules not Rulers
Welcome back Room101!

Thanks!

Can anyone tell me the best place to post an un-editable address, so if this happens again, and next time the thief is smart enough to delete the one address I had posted, I can get it back? Much longer password this time, so should be harder to get my password if the forum is hacked again, but better safe than sorry!
hero member
Activity: 2030
Merit: 578
No God or Kings, only BITCOIN.
Welcome back Room101!
sr. member
Activity: 541
Merit: 362
Rules not Rulers
You'll probably want to PM veleor and ask him to remove your negative feedback (he noticed your account had changed hands).

Excellent idea, thanks Smiley
legendary
Activity: 3010
Merit: 8114
You'll probably want to PM veleor and ask him to remove your negative feedback (he noticed your account had changed hands).
sr. member
Activity: 541
Merit: 362
Rules not Rulers
It's mine again Smiley Thanks again everyone, I appreciate it Smiley
jr. member
Activity: 34
Merit: 4
Thanks everyone, much appreciated Smiley
hero member
Activity: 2030
Merit: 578
No God or Kings, only BITCOIN.
To random_australian I confirmed as well that the address has been verified and I guess sooner or later you may get your account back on you and since you already sent message to support your account now is on queued for recovery.
legendary
Activity: 1484
Merit: 1655
Rêlêå§ê ¥ðµr MïñÐ
1FrvANzkcgWvCuVFyfphbDNHbYUMfysd4K
Archive

Yeah bitcoin core seems to verify blank messages OK, the above don't though, and I don't want to post my email. Try this:

-----BEGIN BITCOIN SIGNED MESSAGE-----
random_australian is Room101 3rd May 2020
-----BEGIN SIGNATURE-----
1FrvANzkcgWvCuVFyfphbDNHbYUMfysd4K
HzvmlD4BCm3190RJ/8P0BGxzSHaAGeVbYJLmizj3TZlnVDBWvOI6wnKkurkp+wMn3wjtxZ/zJM3Sp13Ri7nQi2c=
-----END BITCOIN SIGNED MESSAGE-----
Verified and Archive



The "Room101" profile, apparently, from October 2017 passed to the farmer who bumping topics using a group of accounts: HappyScamp, miTgiB, evilscoop, Room101, naRky, BongaManollo, hansolo93.
Because all these profiles have changed passwords within 20 minutes and after that they began spamming at the same Russian ANN topic.

Code:
October 10, 2017, 02:02:24 PM - hansolo93 - password changed
October 10, 2017, 01:58:00 PM - BongaManollo - password changed
October 10, 2017, 01:56:34 PM - naRky - password changed
October 10, 2017, 01:53:38 PM - Room101 - password changed
October 10, 2017, 01:50:27 PM - evilscoop - password changed
October 10, 2017, 01:48:19 PM - miTgiB - password changed
October 10, 2017, 01:45:45 PM - HappyScamp - password changed
Archive
jr. member
Activity: 34
Merit: 4
Yeah bitcoin core seems to verify blank messages OK, the above don't though, and I don't want to post my email. Try this:

-----BEGIN BITCOIN SIGNED MESSAGE-----
random_australian is Room101 3rd May 2020
-----BEGIN SIGNATURE-----
1FrvANzkcgWvCuVFyfphbDNHbYUMfysd4K
HzvmlD4BCm3190RJ/8P0BGxzSHaAGeVbYJLmizj3TZlnVDBWvOI6wnKkurkp+wMn3wjtxZ/zJM3Sp13Ri7nQi2c=
-----END BITCOIN SIGNED MESSAGE-----
hero member
Activity: 2030
Merit: 578
No God or Kings, only BITCOIN.
<....>
I use this tool https://tools.qz.sg/ online since I am on my mobile but somehow it shows the signature is not valid. Can anyone verify it using Electrum or any other tools to prove that it is indeed correct?

I used this too https://reinproject.org/bitcoin-signature-tool/ but it still shows me the same output.
jr. member
Activity: 34
Merit: 4
-----BEGIN BITCOIN SIGNED MESSAGE-----
My account Room101 has been hacked/lost. Please reset the email to ########### ( The original account email I signed up with) The current date is 3rd May 2020
-----BEGIN SIGNATURE-----
1FrvANzkcgWvCuVFyfphbDNHbYUMfysd4K
IGxvg1b3xa6K8LdStR6hG/hoJedNQr9vB+JjXml2GZq3P78EA3BU9znKxG2LY0e6pzNc+peysP2n8Fb98ZA83Cw=
-----END BITCOIN SIGNED MESSAGE-----

Here is the unedited post where I posted that address: https://bitcointalksearch.org/topic/m.15807155

Can someone please check I signed correctly. By some miracle I found the old account.

Thanks everyone for you help. Now to find a nice mint 2011 Casascius!

EDIT: Just wanted to confirm it was OK if I didn't actually put anything in the message field of the above signature. I just used the bitcoin address and signed a blank message. So in Bitcoin Core, you are verifying a blank message against with the above signature against the above address

EDIT2: It just occurred to me unless you specify the date in the message being signed you could just be pasting a signature someone posted years ago. I have sent support a signed message with date and email, I don't want to post it here for obvious reasons, but I'm pretty sure it worked correctly. Thank you so much everyone for all your help, as soon as I get back in I'll send you all some merit, I appreciate you taking the time!
legendary
Activity: 2436
Merit: 1104
The account has been inactive for a long time and it's been almost a year on November 26, 2019.

And you said that you last opened it and posted in 2017.

If indeed the account was hacked by someone else and then the email and password were changed, of course it will appear in the Mod Log section in Bpip.

But there is no notification of changes to email and password.

https://bpip.org/profile.aspx?id=129815


Code:
Security/Moderator Log
11/16/2018 4:22:08 AM woke up
11/26/2019 9:55:28 AM woke up

if you really own the account you must be able to prove ownership with the signed Bitcoin Address message that you have posted and the primary email that the account has. if these conditions cannot be met, then the account will not be able to be opened again.

as far as I know, bpip didn't record anything(like password change, email change etc..) before it was launched and the OP said that his last post was July 2017. and his theory is that his account was hacked around October (that same year) since in the post history it shows that the language being used change from English to Cyrillic. the OP's only option to prove that he owns the account is to sign a message using the address provided by krislaw which was found on the OP's post history.
legendary
Activity: 2716
Merit: 1855
Rollbit.com | #1 Solana Casino
The account has been inactive for a long time and it's been almost a year on November 26, 2019.

And you said that you last opened it and posted in 2017.

If indeed the account was hacked by someone else and then the email and password were changed, of course it will appear in the Mod Log section in Bpip.

But there is no notification of changes to email and password.

https://bpip.org/profile.aspx?id=129815


Code:
Security/Moderator Log
11/16/2018 4:22:08 AM woke up
11/26/2019 9:55:28 AM woke up

if you really own the account you must be able to prove ownership with the signed Bitcoin Address message that you have posted and the primary email that the account has. if these conditions cannot be met, then the account will not be able to be opened again.
member
Activity: 234
Merit: 36
Let the bad times roll
If you are sure your account was hacked and you were not the recent one handling that account than I fear to say that you have lost your account. In the year 2013, there was a breach and millions of forum accounts were been hacked. Even if you had security question, it might have made it a lot easier for the hacker to get acess to your account. Also, if you had a simple password than the chances would have been way lot higher that your account is hacked as the hacker had the password hashes in sha256script.

All you can do is report the account and try contacting admins with signed message from the address mentioned by @krislaw. Atleast you can lock the account if you are not given acess again because it is important that the account should not be used to scam anyone as you might be the suspect behind happing anything similar.

I suspect your account is hacked by referring this thread posted by theymos: https://bitcointalksearch.org/topic/about-the-recent-server-compromise-1067985
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
Did you include a secret question option when creating your account? You can try to recover the account using that, this action would get the account locked and the hacker would not have access to it while you wait for the recovery process to be completed.
Having a signed message is not a prerequisite for accounts' recoveries, but it will quicken the process and convince users to leave negative ratings warning users not to deal with such accounts.
sr. member
Activity: 1204
Merit: 388
The username is room101 ( Big 1984 fan in 2013 I guess Smiley )

My last post was July 2017, in October it switched to all Cyrillic? posts I think, but yeah, it could have been anyone, I stupidly reused a password that is now on haveibeenpwnd It's not a huge deal, just wanted to buy a Casascius on the Collectibles board, and figured a 0 post account would not look as believable as my old one.

Not sure if I posted any addresses, I usually try to avoid doing that just as basic OPSEC, but I'll dig through all the old messages, it's an excellent idea I should of thought of it, thanks!

My apologies for not posting on Meta, I realised as soon as I posted, and tried to ask for someone to move it there, but was foiled by the new account post timing limits. A tiny bit ironic I think.

You should take action now by signing a message from the address here https://bitcointalksearch.org/topic/m.15807155
Archive 1FrvANzkcgWvCuVFyfphbDNHbYUMfysd4K by messaging forum support. If you need more help, follow this topic https://bitcointalksearch.org/topic/recovering-hackedlost-accounts-5089777.
hero member
Activity: 2030
Merit: 578
No God or Kings, only BITCOIN.
This really belongs to Meta. I've reported it so that mods will take action.

This link is the last post you posted your own Bitcoin address before I guess it's been hacked https://bitcointalksearch.org/topic/m.15807155 if you can somehow signed a message on that then there's a high chance you'll get your account back. Just follow the link OmegaStarScream just given and do follow also the instructions there.
sr. member
Activity: 1372
Merit: 322
https://bitcointalksearch.org/user/room101-129815
That's your account? You can try to recover your account by following the above linked thread.


My apologies for not posting on Meta, I realised as soon as I posted, and tried to ask for someone to move it there, but was foiled by the new account post timing limits. A tiny bit ironic I think.
You yourself can move the thread into meta for getting attention. Check below of this thread and you will get the opt to move the thread.
jr. member
Activity: 34
Merit: 4
The username is room101 ( Big 1984 fan in 2013 I guess Smiley )

My last post was July 2017, in October it switched to all Cyrillic? posts I think, but yeah, it could have been anyone, I stupidly reused a password that is now on haveibeenpwnd It's not a huge deal, just wanted to buy a Casascius on the Collectibles board, and figured a 0 post account would not look as believable as my old one.

Not sure if I posted any addresses, I usually try to avoid doing that just as basic OPSEC, but I'll dig through all the old messages, it's an excellent idea I should of thought of it, thanks!

My apologies for not posting on Meta, I realised as soon as I posted, and tried to ask for someone to move it there, but was foiled by the new account post timing limits. A tiny bit ironic I think.
staff
Activity: 3500
Merit: 6152
Can you provide a signed message from an address you posted prior to the hack? If so, see this: https://bitcointalksearch.org/topic/recovering-hackedlost-accounts-5089777

I'm guessing not, but thought it was worth asking, especially because I figure the only reason for people to still an old account on a board like this is to use to scam people.

Can you share the account's username?
jr. member
Activity: 34
Merit: 4
I was on here a lot way back when, I stopped using it for while, went to log in and found my password didn't work, and when I tried a reset it didn't go to my email. Anyway it can be returned to the original email address? I'm guessing not, but thought it was worth asking, especially because I figure the only reason for people to still an old account on a board like this is to use to scam people.
Jump to: