Pages:
Author

Topic: Someone had access to my account last month - Please beware! (Read 1345 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I wouldn't be surprised to see the OP's account hacked and/or sold in the future.
It's locked. If sold, it still can't post.
legendary
Activity: 1722
Merit: 2213
Well I see 4 whole pages of talkings here, but unfortunately no DT bothered to leave a feedback to the OP account, at least neutral, saying it's very likely to have been hacked, and the likely true account owner admitted that some of his private keys could have been compromised. What will happen, if the hacker one day manages to recover the account, deletes the last posts regarding the hack and uses it to scam people trough PM or subsections not used by people remembering the case ?

It's a fair point. I also find it surprising that there was no neutral feedback left regarding this back in 2021. Despite the OP being inactive since then, if they had their account hacked before then it remains possible to be hacked again (at least in my mind). I've also left neutral feedback referencing this thread, in case the account is hacked again and/or sold, even if remains unlikely at this time.

This topic should be locked. OP won't be coming back.

Agreed topic should now be locked, but I wouldn't be surprised to see the OP's account hacked and/or sold in the future.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Bpip doesn't even say that the account is still locked https://bpip.org/Profile?id=93844
I don't think BPIP knows: bans are published in modlog, "locks" aren't published.

i think there's a way
How about you read the topic before shitposting?



This topic should be locked. OP won't be coming back.

TL;DR:
we've come to the conclusion that the hacking extent is way to big to determine the ownership correctly so it will be better if the account remains locked indefinitely.
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
What will happen, if the hacker one day manages to recover the account, deletes the last posts regarding the hack and uses it to scam people trough PM or subsections not used by people remembering the case ?
How will he recover the account minus getting noticed? The same people who indefinitely locked his account are the same people who do account recoveries and they very much well contributed in this thread.

Relax, account is not going to be used to scam anyone if it's locked  Wink

Quote
Bpip doesn't even say that the account is still locked https://bpip.org/Profile?id=93844
Because such data may not be publicly available for the third-party sites to scrape.
legendary
Activity: 2604
Merit: 2353
Well I see 4 whole pages of talkings here, but unfortunately no DT bothered to leave a feedback to the OP account, at least neutral, saying it's very likely to have been hacked, and the likely true account owner admitted that some of his private keys could have been compromised. What will happen, if the hacker one day manages to recover the account, deletes the last posts regarding the hack and uses it to scam people trough PM or subsections not used by people remembering the case ?

Bpip doesn't even say that the account is still locked https://bpip.org/Profile?id=93844
sr. member
Activity: 2030
Merit: 356
Can you tell how to disable secret questions ?
Go to Account Related Settings, and remove them.

I never set my security questions. So its blank by default. This means its disabled already and i am safe ?

Yes, that should be OK.


Hacker logged in using my secret question.
They tried many times.
Seclog:
Code:
Today at 04:13:39 AM - legendster - password reset via secret question
Today at 04:13:17 AM - legendster - password reset via secret question
Today at 04:02:17 AM - legendster - password reset via secret question
Today at 04:02:03 AM - legendster - password reset via secret question
Today at 04:01:56 AM - legendster - password reset via secret question
Today at 04:00:49 AM - legendster - password reset via secret question
Today at 04:00:24 AM - legendster - password reset via secret question
Today at 03:59:44 AM - legendster - password reset via secret question

Quote


So this account lockout attempt was from Nigeria. Multiple countries continents involved in this  Shocked


jr. member
Activity: 45
Merit: 4
Can you tell how to disable secret questions ?
Go to Account Related Settings, and remove them.

I never set my security questions. So its blank by default. This means its disabled already and i am safe ?
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Can you tell how to disable secret questions ?
Go to Account Related Settings, and remove them.
jr. member
Activity: 45
Merit: 4
Reset via secret queation does NOT reset the password. It Locks the account and user need to go through the account recovery process...
I knew that, my comment was meant in general Wink I've disabled my secret questions, nobody can lock my account that way.

Can you tell how to disable secret questions ?
sr. member
Activity: 2030
Merit: 356
After a few days of checking every foreseeable aspect of this case (email, private keys, synced browser passwords, secret questions and what not, seem to have been compromised at some point), we've come to the conclusion that the hacking extent is way to big to determine the ownership correctly so it will be better if the account remains locked indefinitely.


There is too much complexity in this case and since no one is willing to or can sign the message, the account will be locked forever.

So the James bond movie had a sad ending for everyone.
If legendster was true than he have lost his account. The hacker also jumped in the conversation, so if he was true, then he also lost his 500$ because he does not have an account for which he paid.
jr. member
Activity: 69
Merit: 4
I somehow still think that the person behind Legendster account is still the same and was the one trying to recover his account. If someone here has some brain cells and can even notice he still has the same tone of words to lash out on anyone as he had previously.
You are nowhere near justice to the real owner here.
#BitcointalkRecoveryTeam.

It seems the person is the same but he sold his account to many people and
1) he gave the password to one party.
2) he gave the private key to other parties.
3) he gave the email address to another party.
....
4..5...6....

he sold the account to 3/different persons and convince each party not to change the information of a sudden and then he went on hibernation for some days.

he got email notifications, and when he realized something is going bad and was over control, then he came back again and took the control.

Among the above 3 parties, one party is very intelligent and set a security question silently, and the real owner didn't notice that after taking control, cause he reset the password from email address, he didn't check the setting menu. that intelligent party is now coming and change the password via secret question.

this is my notion, everyone has his own perspective. So legendster fans please don't jump on me Cry. Here I see many legendster fans. Lips sealed
sr. member
Activity: 1288
Merit: 415
There is one problem with this though. Someone hacks an account, burns it with a scam of some sort, and then on the way out says "by the way, my account got hacked and the hacker got private keys too". Then the real owner shows up, who possibly never really lost those private keys, and signs a message. I hope you have a bit more to go on than just a word of a (potential) hacker.

We sure do, and I'm certain you understand the reason why we're not able to disclose any more than this. There was a combination of factors that made us come to this decision. It's never easy to leave an account locked, more so a legendary account such as this one and we've said many times that, even if there's a 1% possibility that we're not returning the account back to it's original owner, we'd rather have it remain locked instead of it ending up in the wrong hands.

I somehow still think that the person behind Legendster account is still the same and was the one trying to recover his account. If someone here has some brain cells and can even notice he still has the same tone of words to lash out on anyone as he had previously.

You are nowhere near justice to the real owner here.

#BitcointalkRecoveryTeam.
legendary
Activity: 3010
Merit: 8114


Is this a first for a user who can sign a message? Or does it happen more often?

Theoretically, he can, but never did nor did we feel the need to ask for one as it wouldn't have meant much since the private keys seem to have been kept on a possibly compromised email address. There were a lot of question marks that wouldn't have been answered even with the help of a signed message in this case.

That's understandable but it would have evidenced the possibility that Legendster was telling the truth. Without it, there's no reason to believe whoever has the account is currently capable of doing it, and it could have just been part of a story.

I would have signed the message first and then disclosed that its possible the hacker had the private key. It's a weird statement to make without backing up but not completely relevant to what's at stake.

In any case, its a moot point now.
copper member
Activity: 88
Merit: 115
former Mysterious newbie™
There is one problem with this though. Someone hacks an account, burns it with a scam of some sort, and then on the way out says "by the way, my account got hacked and the hacker got private keys too". Then the real owner shows up, who possibly never really lost those private keys, and signs a message. I hope you have a bit more to go on than just a word of a (potential) hacker.

We sure do, and I'm certain you understand the reason why we're not able to disclose any more than this. There was a combination of factors that made us come to this decision. It's never easy to leave an account locked, more so a legendary account such as this one and we've said many times that, even if there's a 1% possibility that we're not returning the account back to it's original owner, we'd rather have it remain locked instead of it ending up in the wrong hands.
legendary
Activity: 3654
Merit: 8909
https://bpip.org
Theoretically, he can, but never did nor did we feel the need to ask for one as it wouldn't have meant much since the private keys seem to have been kept on a possibly compromised email address. There were a lot of question marks that wouldn't have been answered even with the help of a signed message in this case.

There is one problem with this though. Someone hacks an account, burns it with a scam of some sort, and then on the way out says "by the way, my account got hacked and the hacker got private keys too". Then the real owner shows up, who possibly never really lost those private keys, and signs a message. I hope you have a bit more to go on than just a word of a (potential) hacker.
copper member
Activity: 88
Merit: 115
former Mysterious newbie™
it will be better if the account remains locked indefinitely.
Well, case closed. Lol.
Is this a first for a user who can sign a message? Or does it happen more often?

Theoretically, he can, but never did nor did we feel the need to ask for one as it wouldn't have meant much since the private keys seem to have been kept on a possibly compromised email address. There were a lot of question marks that wouldn't have been answered even with the help of a signed message in this case.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
it will be better if the account remains locked indefinitely.
Well, case closed. Lol.
Is this a first for a user who can sign a message? Or does it happen more often?
copper member
Activity: 88
Merit: 115
former Mysterious newbie™
After a few days of checking every foreseeable aspect of this case (email, private keys, synced browser passwords, secret questions and what not, seem to have been compromised at some point), we've come to the conclusion that the hacking extent is way to big to determine the ownership correctly so it will be better if the account remains locked indefinitely.
hero member
Activity: 1498
Merit: 711
Enjoy 500% bonus + 70 FS
Can say maybe the person in question knows your login details, because for someone trying to hack someone account or an account their is every tendency that the account details has been reviewed to the hacker weather through the email information, the user login the details of he or her account to different or numerous system that can cause ot result out weakness of password for easier assessment or penetration.
legendary
Activity: 3654
Merit: 8909
https://bpip.org
Pages:
Jump to: