Topic: Someone had access to my account last month - Please beware! - page 3. (Read 1278 times)

Quoting for images:

.
.
.
These three person are involved into this trading, two of them are from India & last one is from (Vietnam/Indonesia):
https://i.ibb.co/VBX5pj7/Capture-2021-09-15-10-31-12.png
https://i.ibb.co/4407KFB/Capture-2021-09-15-12-27-52.png
https://i.ibb.co/4sMBCmN/Capture-2021-09-15-12-27-15.png

First guy, the actual legendster or the hacker or bounty manager came to sell his account and offered the account to (2nd & 3rd guy, or other team member- they are reseller team)
2nd & 3rd guy are reseller and middleman as well, they have a huge team member.
I bought the ID from the reseller team on May without email address they refused to give email address:
https://i.ibb.co/b3mqw0p/20210915-121142.jpg
https://i.ibb.co/3yCs5h2/20210915-121138.jpg


Then I tried to contact with the 1st guy and offered money for BTC/ETH address, but he disagreed to sell, He need huge money otherwise don't want to give BTC/ETH address.
https://i.ibb.co/JdNRxPJ/Capture-2021-09-15-10-12-57.png
https://i.ibb.co/XSRrKHr/Capture-2021-09-15-10-14-49.png
https://i.ibb.co/F3rn83V/Capture-2021-09-15-10-18-47.png

Then last monday 1st guy suddenly started dancing and texted the reseller team and wanted back his account but don't want to pay back, but I disagreed to give.

I gave all evidence with old password too, forum moderator can verify the old password, from May to "September 13, 2021" that account was in under my control and now he recovered the account without giving me back 500 usdt.

Video link of the chat: https://drive.google.com/file/d/1Vs0mFlQp0Zoz7rpqEilCs3Jwzd9E9vhS/view?usp=sharing

Can you send a signed message that proves you bought the account? I don't trust screenshots, they can be doctored.

What do you base that number on?

No, forum moderators can't see your password.
There's a flaw in your story: legendster's email address was never changed.
Why would you buy an account and not use it for 4 months?

He scammed me 500 usdt and took the account back again last monday. I also have the old password, forum moderator can verify that.

What's going on here? lol

If he sell his account only for 500 USDT, he's stupid enough since his account is more worth around 0.05 BTC or more (worth 2300 USDT right now). Even you've send the Telegram chat I doubt other people would trust it (include me)

---

@legendster I hope you could sign a messages of your Greenwallet address as you said previously, otherwise this case will be more complicated.

Hi! I bought legendster ID from him last May,
He sold the ID to me for 500+ usdt and now recovered his ID.
This person is liar and totally fake. please stay away from him.

I will send telegram chat photo.

The thing is screenshot aren't 100% verifiable to proof of your ownership, you need to sign a messages (but you said the address you used are from exchange) tagging without verifiable proof isn't correct.

If the hacker has access of your phone (which the same phone you get the 2FA code) you can still get hacked.

This guy is a hacker. Please give negative trust to this account. I am the  owner of this account and he changed email address signature affiliate code and Bitcoin wallet address today.

After spending a lot of time now feeling better, Successfully I've secured everything with a strong password,
I also set google authentication app to secure my email. 
Now no one will be able to hack my email like legendster without authentication code. 

I'm afraid that it will ask verification code when I will change it?





I just used a random email like abcd@example,com, even it does not exist.

I haven't shared it with anyone publicly, but maybe forums staff knows that.
when I randomly go to report on other's posts and it warned me that email is revealed to the forum staff, then I stopped reporting their post cause I don't want to reveal the address.

Even how many security levels that you put into your account or even your email address if you didn't care about it, it's useless.  As long as you've used an email address that's not associated with your personal and daily use account, then, you'll be fine.  If you're the only one who knows your password and your email address used, you're safe from a possible scam or being a compromised account.

Threat your account as you valuable stuff and avoid it sharing with anyone.
I'm on this rank now but I never change my password even at once or email the address because I know that I'm the only one who uses it 'till now.

I suspected that this was probably a cause of sharing an account or might use it as collateral in exchange for something valuable than this, IMO, and CMIIW.

Change it

legendster's account has been hacked ! I am so much scared to see it. legendster is a very reputed and skilled person on our Indian board.
When I joined the forum, I was not very careful about email , I have created my account with a random email address, will I have a problem? What do I have to do now? please suggest me.

Which 2FA method?

Google has several different options for 2FA, there is one where you open the Gmail app on your mobile phone, another uses Google authenticator, and I believe there is also an SMS verification also. So which one were you using at the time of the hack?

That means someone might be able to access that email address. Yopmail users for instance have had their account compromised that way.

Further reading here.

I'm a complete idiot when it comes to tech, and even I know not to do that.  I'm not trying to rub salt in any wounds here, legendster, but damn.  I use Firefox, but don't use the sync function.

And I'm not even sure why e-mail is required on this forum.  I get that some people want the 2FA security, but for me it's just another piece of data that can be hacked, and personally I don't care to enter anything but a throwaway e-mail address.

Why didn't the hacker reset the password is the better question.  And if legendster did indeed get hacked and the hacker didn't change it, I understand why legendster would change it--unless I'm missing something obvious.  I'm assuming the hacker got access to it from the Firefox data in which it was stored and presumably still has it.  No idea why a hacker wouldn't change a password on an account they just hacked, but hey....I'm not a hacker.

Wait, you stored your passwords in the cloud? Why on earth would you do that? Cloud storage is a terrible idea for passwords. I don't even dare use the same account on more than one device, because each device increases the risk of getting compromised, let alone give each device access to everything!

If you scroll back into my posts you'll see I've been increasingly inactive on Bitcointalk since late 2019.

I've been focusing my energy on my work on Telegram and Discord.

---

The MeqsW wallet was from some third party exchange / platform. I don't even remember where.

I have access to the later ones as those would be from my Greenwallet wallet account. I'll have to install the desktop app and find a way to sign from there. Will do that later today or whenever I find some time.

The password itself was a strong alpha numeric 26 character pw with special characters and all..

I am suspecting the hacker got access to my Firefox sync account as well which would enable him to get passwords of different accounts. Of course I've reset that pw along with all the old important passwords. (and still resetting the unimportant ones)

---

Yes I was the one who reset it and the one before was 'changed'.

Which implies the hacker must have had my BTT password from the April email breach (which would have given him access to Firefox sync where I store a bulk of my passwords) and he simply tried to log in and changed the pw last month.

There have been a number of attempts since April to log into my exchange accounts but since I reset them no one has gotten in but I did get a bunch of emails from Binance and other exchanges where there were some failed attempts to log in.

And no, nothing in the outbox.

And yes I can sign from some of the old addresses but they won't mean anything as the hacker would have access to them as well.

---

That is what boggles my mind that someone got in DESPITE 2FA being active on ALL my accounts.

And google defaults to the new way of 2fa where you get a notification screen where you have to approve that you're signing in from a new device - I didn't get any of that when the hacker got into my email in April.

I was only notified when my DDIM tokens were being unstaked and I got that notification on Telegram. But It was already around 50 minutes late.

PS: I was stupid enough to have saved my master priv key sheet in the drafts of my email around Feb when I was doing a PC OS upgrade. And didn't care enough to delete it later. Because in the back of my mind I knew no one could bypass my 2fa. I was wrong.


After the hack, I did make a post on Linkedin and perhaps Twitter, seeking advice from security experts.



[moderator's note: consecutive posts merged]

bu i think the attacker using some IP guard like VPN or proxy because my account that im using right now is one victim and i regain on 2020

for now i think is good to change your email first and then change the password

maybe the reason my account got hacked is because i have same password and account

 you must not do what im doing

If anyone is still not aware, this story was created to scam Maidak - https://bitcointalksearch.org/topic/wtf-maidak-5359785