
Topic: What mtgox number are you? (from DB leak) (Read 9050 times)

legendary
Activity: 2058
Merit: 1452
June 23, 2011, 05:05:17 PM
#57
To make the game more interesting, if you could also post the last IP address that accessed the account, your email address (bonus points if you can provide that password too), account name your old password (as that's now useless) and your full physical address, age, date of birth and your mother's maiden name, we can make a nice graph out of that. What do you say chaps?
last ip: 127.0.0.1
email: in original post
email pass: same as mtgox pass
sr. member
Activity: 434
Merit: 250
100%
To make the game more interesting, if you could also post the last IP address that accessed the account, your email address (bonus points if you can provide that password too), account name your old password (as that's now useless) and your full physical address, age, date of birth and your mother's maiden name, we can make a nice graph out of that. What do you say chaps?

THAT's the spirit!
hero member
Activity: 994
Merit: 501
PredX - AI-Powered Prediction Market
well ... i know companies that don't give sequential numbers starting at 1 just to hide real numbers.
You mean companies that care about their customers and don't use amateur college-level PHP coding full of security holes?

Is that message implying that PHP is insecure, or am I misreading it?

PS: College-level? I was 13 and I released a perfectly secure Club Penguin Private Server, with multi-pass SHA256...

PPS: Don't do the above unless you like angry Disney lawyers
I'm saying (current) college-level PHP coding is unsecure. It's a curse of the software industry, that nobody adds security unless it's been proven to be required. Usually the proof of requirement is pretty damaging. I suppose the quality level of mtgox coding is on par with their ability on html/css/graphic output.

Does nobody consider that some (PHP/Web) CMS projects have millions of lines of code and years of user testing on millions of installations and still identify and fix security holes? And people never use those (in this community), instead they cowboy-code their own low complexity implementations?

True but there is a cost to everything. Not everyone can afford to hire 15 php master coders with 20+ years experience and PHDs in computer science, ya know!
You don't realize how many fees Mt. Gox has been raking in?

You don't realize WHEN the fees were raked in?

MtGox went from nothing to everything in 2 months, MagicalTux more than once mentioned desperately trying to hire workers and not working so well. It is not much of a money issue, but also time issue.
legendary
Activity: 3080
Merit: 1083
400,000 BTC can buy a boat load of coders...
sr. member
Activity: 294
Merit: 250
well ... i know companies that don't give sequential numbers starting at 1 just to hide real numbers.
You mean companies that care about their customers and don't use amateur college-level PHP coding full of security holes?

Is that message implying that PHP is insecure, or am I misreading it?

PS: College-level? I was 13 and I released a perfectly secure Club Penguin Private Server, with multi-pass SHA256...

PPS: Don't do the above unless you like angry Disney lawyers
I'm saying (current) college-level PHP coding is unsecure. It's a curse of the software industry, that nobody adds security unless it's been proven to be required. Usually the proof of requirement is pretty damaging. I suppose the quality level of mtgox coding is on par with their ability on html/css/graphic output.

Does nobody consider that some (PHP/Web) CMS projects have millions of lines of code and years of user testing on millions of installations and still identify and fix security holes? And people never use those (in this community), instead they cowboy-code their own low complexity implementations?

True but there is a cost to everything. Not everyone can afford to hire 15 php master coders with 20+ years experience and PHDs in computer science, ya know!
You don't realize how many fees Mt. Gox has been raking in?
member
Activity: 84
Merit: 10
Y'know, those < 3100 are all easily crackable?

I was able to find 640 passwords belonging to users 1 through 3036... and I know absolutely nothing about Cryptography (which also means they could be wrong) just by feeding them into some gammy online hash cracker yokie

329,Mahkul,[email protected],$1$e1u03TlV$wGLXQ8ynWjXib5E4qj0fm.

Did you manage to crack my password? I thought it was pretty good. You can post it here, I never use the same password for more than one site anyway.

It's 123456789.

Pretty good, eh?
member
Activity: 84
Merit: 10
well ... i know companies that don't give sequential numbers starting at 1 just to hide real numbers.
You mean companies that care about their customers and don't use amateur college-level PHP coding full of security holes?

Is that message implying that PHP is insecure, or am I misreading it?

PS: College-level? I was 13 and I released a perfectly secure Club Penguin Private Server, with multi-pass SHA256...

PPS: Don't do the above unless you like angry Disney lawyers
I'm saying (current) college-level PHP coding is unsecure. It's a curse of the software industry, that nobody adds security unless it's been proven to be required. Usually the proof of requirement is pretty damaging. I suppose the quality level of mtgox coding is on par with their ability on html/css/graphic output.

Does nobody consider that some (PHP/Web) CMS projects have millions of lines of code and years of user testing on millions of installations and still identify and fix security holes? And people never use those (in this community), instead they cowboy-code their own low complexity implementations?

True but there is a cost to everything. Not everyone can afford to hire 15 php master coders with 20+ years experience and PHDs in computer science, ya know!
hero member
Activity: 700
Merit: 500
What doesn't kill you only makes you sicker!
To make the game more interesting, if you could also post the last IP address that accessed the account, your email address (bonus points if you can provide that password too), account name your old password (as that's now useless) and your full physical address, age, date of birth and your mother's maiden name, we can make a nice graph out of that. What do you say chaps?





(For those without a sense of humour or sense that is common: DO NOT TAKE THIS POST SERIOUSLY!)
sr. member
Activity: 295
Merit: 250
I'm #604 (same username as here), but not logged in for months so my password is in the old hash form - I'm assuming it's been cracked, but would love to have confirmation. Anyone that's run Jack on the file able to PM or e-mail me or something if they have?

Paranoia mode on.
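
The post above describes an account left in the "old hash form" because it had not logged in for months. As an added example (not code from Mt. Gox or from any poster in this thread), this Python sketch shows upgrade-on-login hash migration and how wrapping the stored legacy digest in scrypt covers dormant accounts too; it assumes the old form is an unsalted MD5 hex digest, and the `wrapped$`/`scrypt$` record formats and all function names are hypothetical.

```python
import hashlib, hmac, os, re

# Assumption: the "old hash form" is a bare 32-hex unsalted MD5 digest.
LEGACY_RE = re.compile(r"^[0-9a-f]{32}$")
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # memory-hard KDF parameters

def _scrypt(secret: bytes, salt: bytes) -> str:
    return hashlib.scrypt(secret, salt=salt, **SCRYPT).hex()

def _md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()

def new_hash(password: str) -> str:
    salt = os.urandom(16)
    return f"scrypt${salt.hex()}${_scrypt(password.encode(), salt)}"

def wrap_legacy(md5_hex: str) -> str:
    """Harden a stored legacy digest without the plaintext: scrypt(md5_hex)."""
    salt = os.urandom(16)
    return f"wrapped${salt.hex()}${_scrypt(md5_hex.encode(), salt)}"

def verify(password: str, stored: str):
    """Return (ok, replacement): replacement is a fresh scrypt record to
    store when a legacy or wrapped record verified, else None."""
    if LEGACY_RE.match(stored):  # upgrade-on-login: only reached at login
        ok = hmac.compare_digest(_md5_hex(password), stored)
        return ok, (new_hash(password) if ok else None)
    parts = stored.split("$")
    if len(parts) != 3 or parts[0] not in ("wrapped", "scrypt"):
        return False, None  # other formats (e.g. $1$ md5crypt) not handled here
    scheme, salt_hex, digest = parts
    secret = _md5_hex(password) if scheme == "wrapped" else password
    ok = hmac.compare_digest(_scrypt(secret.encode(), bytes.fromhex(salt_hex)), digest)
    return ok, (new_hash(password) if ok and scheme == "wrapped" else None)

def migrate_dormant(db: dict) -> int:
    """Wrap every row still in legacy form; returns the number converted."""
    legacy = [user for user, h in db.items() if LEGACY_RE.match(h)]
    for user in legacy:
        db[user] = wrap_legacy(db[user])
    return len(legacy)

if __name__ == "__main__":
    # Constructed sample data, not taken from any real account list.
    db = {"dormant_user": _md5_hex("constructed-sample-pw")}
    print(migrate_dormant(db), verify("constructed-sample-pw", db["dormant_user"])[0])
```

Upgrade-on-login alone leaves every account that never returns in the weak form; running `migrate_dormant` once removes bare digests from the table without needing any user's plaintext.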
legendary
Activity: 938
Merit: 1001
bitcoin - the aerogel of money
Y'know, those < 3100 are all easily crackable?

looks like somebody already cracked mine.

(Mine is < 400)

When I tried to log into my gmail account that was registered on mtgox I got this message from gmail: "suspicious activity reported. please change your password".

Good thing I had a unique password just for mtgox!

newbie
Activity: 8
Merit: 0
I'm 100

I think I've registered on 2010-07-29, that's when I first sent coins to mtgox.
full member
Activity: 236
Merit: 100
I'm

51319   roebuck85   [email protected]   $1$Qc8worl4$dhGEsjtdKyEX9VS0C8Xko0


I signed up June 14th
sr. member
Activity: 336
Merit: 250
Hey anyone want to do me a favor and look "The Script" up on the list? I'm on my iPad at home, 3G Internet and I can't download the csv file but I'm curious what number I am at. I'm guessing less than 3000
sr. member
Activity: 308
Merit: 250
Wait, that means... There are MULTIPLE grues around these parts?  I get the feeling I'm about to be eaten...
sr. member
Activity: 284
Merit: 250
I'm under 2000 but above 1000.
full member
Activity: 196
Merit: 101
from accounts.csv (you know which one)
Quote
4856,gruez,[email protected],$1$ZyEFTEke$cWSfcMkc7pjPmHLzMt7dv0

ps. this idea was stolen off of someone else.

Actually, aren't you

Quote

56   grue   [email protected]   9d7c5870687bd54118663f5422ea2b9c


?

I think he knows what his own email is?
legendary
Activity: 2058
Merit: 1452
from accounts.csv (you know which one)
Quote
4856,gruez,[email protected],$1$ZyEFTEke$cWSfcMkc7pjPmHLzMt7dv0

ps. this idea was stolen off of someone else.

Actually, aren't you

Quote

56   grue   [email protected]   9d7c5870687bd54118663f5422ea2b9c


?
that was someone else.
sr. member
Activity: 308
Merit: 250
from accounts.csv (you know which one)
Quote
4856,gruez,[email protected],$1$ZyEFTEke$cWSfcMkc7pjPmHLzMt7dv0

ps. this idea was stolen off of someone else.

Actually, aren't you

Quote

56   grue   [email protected]   9d7c5870687bd54118663f5422ea2b9c


?
hero member
Activity: 551
Merit: 500
These are your merchant Id#'s btw
member
Activity: 115
Merit: 10
NUMBER is in no relation to the signed up date, I signed up for a second account yesterday afternoon to split my risk, (or did I just double my risk???), And my new account number is in the 30ks... unless 30k more ppl signed up yesterday then I don't think they're related at all.

That's a good bit of information, thanks for sharing it. 

Now we know that this list was posted less than 24 hours after it was retrieved, and, either the account compromises from 3 days ago were unrelated, or this file was retrieved on multiple occasions.