Author

Topic: Strange mass F2pool pool address change request (Read 687 times)

sr. member
Activity: 431
Merit: 250
December 02, 2015, 03:45:10 PM
#4
It is generally (always) a good idea to not reuse passwords across multiple sites, especially if you are using the same email/username as well. There are a number of instances in which sites have been hacked and the DB containing the (either hashed or plaintext) passwords have been leaked, plus there is the risk that the owner (or other insider) is acting maliciously and will attempt to hack your accounts at other sites.

Thanks for advice, I took it lightly before by being lazy, but that's the only weak thing I had, my other sites and emails are F2A and different passwords.
copper member
Activity: 2996
Merit: 2374
It is generally (always) a good idea to not reuse passwords across multiple sites, especially if you are using the same email/username as well. There are a number of instances in which sites have been hacked and the DB containing the (either hashed or plaintext) passwords have been leaked, plus there is the risk that the owner (or other insider) is acting maliciously and will attempt to hack your accounts at other sites.
sr. member
Activity: 431
Merit: 250
UPDATE:
we are both in https://www.longtermpaying.com/ I used my emails there aswell, it's the only site.
I guess he tested my password and email on F2pool and succeed.

Site closed and users got stolen and now he is hacking their accounts, on which forum should I warn users to change their passwords?
sr. member
Activity: 431
Merit: 250
If you didn't notice, two of my email accounts and a friend of mine also received payout address change on F2pool mining pool, keep in mind that one of the accounts I didn't use and have 0 balance.

each payout address was different, I wouldn't share the ones I got just yet, I accepted the change just to see the payout addresses than I reverted back to mine and changed account password.

Here is my security measures:
Keystrokes encrypted - works on some keyloggers
Passwords encrypted in Lastpass
Unique username and passwords for the account I don't use
Avast AV
SpyShelter
I don't download crap and if I do I use isolated VM
I am so paranoid that I have F2A enabled on every possible account that supports it.

How someone was able to get into F2pool even the account I never used for mining which have 0 balance and change my address and my friend as well who lives 5 countries away.

Did you get the change request too?

If so start changing your passwords if you use the same at F2pool, I suspect someone have F2pool DB.
Jump to: