Why are so many accounts being reported as hacked?

BTCeminjas

member

Activity: 322

Merit: 23

That's the reason why we are the one who has a responsibility to keep safe our password in bitcointalk account and email account, don't make do the same password in your email account in bitcointalk account or even other accounts. Recently issues that having a phishing link in bitcointalk that fooled people and that was probably the cause when you log in a wrong website.

Quote from: hugeblack on May 17, 2018, 09:01:09 AM

***-SNIP-
d) Fake ICOs: Many require to create a new account"any jobs related to username and password" and add bitcointalk information "People usually use the same password for all accounts."

Plus traditional methods of hacking accounts" hacking emails, secret Question,...."

Exactly, maybe one of the reasons those ICO intended a scam to their participants.
Or those signing in airdrops also be careful on that.

LTU_btc

legendary

Activity: 3080

Merit: 1338

Slava Ukraini!

I can tell you from my own experience, why my account was hacked. I just didn't cared much about security. I used weak password and no 2FA on my email. No surprise - it was hacked. Then hacker changed my bitcointalk password with "Forgot your password?" function, later he changed email address of bitcointalk. Luckily, I was able to recover my account by signing a message from staked Bitcoin address. It was very good lesson for me that I need to secure my mail, exchange and other accounts with strong unique passwords and 2FA.

hugeblack

legendary

Activity: 2506

Merit: 3645

Buy/Sell crypto at BestChange

Quote from: TheQuin on May 17, 2018, 03:09:36 AM

Two big reasons I know of:
a) The forum was hacked back in 2015, and the encrypted database is available on the darknet. Accounts with weak passwords are vulnerable to being brute forced.
b) The .to and other phishing sites masquerading as mirror sites. They often show up on a Google search ahead of the real site.

c) BitcoinTalk mobile Apps: Many unofficial applications appear on Google Play.
d) Fake ICOs: Many require to create a new account"any jobs related to username and password" and add bitcointalk information "People usually use the same password for all accounts."

Plus traditional methods of hacking accounts" hacking emails, secret Question,...."

Jet Cash

legendary

Activity: 2688

Merit: 2444

https://JetCash.com

Thanks for all the replies guys, and I hope that a few members will read the thread, and avoid losing their accounts.

I forgot about phishing, probably because I use direct navigation instead of clicking links in email. In fact the google omnibox has become a real nuisance for me, and I may put some direct navigation boxes on some of my pages to bypass Google.

lebrone08

jr. member

Activity: 142

Merit: 2

Quote from: Jet Cash on May 17, 2018, 02:56:37 AM

The forum login doesn't appear to be particularly vulnerable to me, and the use of a decent anti-virus package should provide some additional protection. My instinct is to believe that most of the hacked accounts are sold accounts, but I'm not sure that reporting them would be of much benefit.

The other alternative is a lack of sensible precautions. Leaving a computer logged into Bitcoin Talk whilst you go to the 'loo, or some other place, would seem to be pretty stupid if you are posting from a location with other computer users nearby. Allowing your browser to supply passwords is fine if you are sure nobody else will use your machine, but if you are in a dormitory, and leave your machine unattended, then it may not be the most sensible thing to do.

So do we have a profile of the people who are losing their accounts? Are most of them posting from educational establishments or libraries?

phising is number reason why theirs a lot of account have been scam. most of the scammer send a personal message were in, if you open the links it will automatically copied all your important information so better stay away from all the message that is not related from you or anonymous sender.

TheQuin

hero member

Activity: 2576

Merit: 882

Freebitco.in Support https://bit.ly/2I9BVS2

Quote from: demonic098 on May 17, 2018, 03:39:09 AM

Good day Quin Wink

For A. I don't think brute force will work well here, In our login form we have a captcha and that will prevent brute force + we have a limit on incorrect passwords.

They can buy the database that has an MD5 hash of the password and brute force it offline.

Quote from: demonic098 on May 17, 2018, 03:39:09 AM

For B. The phishing site has a captcha error so I think it wouldn't work anymore(hopefully).

That's good news but there will be many more phishing sites to replace it.

Quote from: demonic098 on May 17, 2018, 03:39:09 AM

Plus an experienced member here has a "hairstrand" of a chance get phished by that site because a lot of members here is aware of that phishing site but we should still spread the word.

It's the far greater number of inexperienced members that are getting hacked.

demonic098

jr. member

Activity: 252

Merit: 2

Ximply for president!!!

Quote from: TheQuin on May 17, 2018, 03:09:36 AM

Two big reasons I know of:

a) The forum was hacked back in 2015 and the encrypted database is available on the darknet. Accounts with week passwords are vulnerable to being brute forced.

b) The .to and other phishing sites masquerading as mirror sites. They often show up on a Google search ahead of the real site.

Good day Quin Wink

For A. I don't think brute force will work well here, In our login form we have a captcha and that will prevent brute force + we have a limit on incorrect passwords.

For B. The phishing site has a captcha error so I think it wouldn't work anymore(hopefully). Plus an experienced member here has a "hairstrand" of a chance get phished by that site because a lot of members here is aware of that phishing site but we should still spread the word.

I hope one of those accounts that have been hacked share his/her statement here Wink

.

hilariousetc

legendary

Activity: 2814

Merit: 3036

Join the world-leading crypto sportsbook NOW!

Quote from: actmyname on May 17, 2018, 03:05:45 AM

Account sale -> Report as hacked -> Easy scam, especially with the new email resets.

Well it would be an easy scam if people ever got their accounts back. Those that didn't change their passwords since the forum breach is the main reason. Most people probably get them hacked by either downloading malware or logging onto phishing sites.

TheQuin

hero member

Activity: 2576

Merit: 882

Freebitco.in Support https://bit.ly/2I9BVS2

Two big reasons I know of:

a) The forum was hacked back in 2015 and the encrypted database is available on the darknet. Accounts with weak passwords are vulnerable to being brute forced.

b) The .to and other phishing sites masquerading as mirror sites. They often show up on a Google search ahead of the real site.

actmyname

copper member

Activity: 2562

Merit: 2510

Spear the bees

Account sale -> Report as hacked -> Easy scam, especially with the new email resets.

bitperson

full member

Activity: 210

Merit: 119

My guesses would be phishing (the lookalike .to site, with its high placement in Google results, seems like a perfect way to collect Bitcointalk passwords) and password stealing malware disguised e.g. as altcoin wallets.

Jet Cash

legendary

Activity: 2688

Merit: 2444

https://JetCash.com

The forum login doesn't appear to be particularly vulnerable to me, and the use of a decent anti-virus package should provide some additional protection. My instinct is to believe that most of the hacked accounts are sold accounts, but I'm not sure that reporting them would be of much benefit.

The other alternative is a lack of sensible precautions. Leaving a computer logged into Bitcoin Talk whilst you go to the 'loo, or some other place, would seem to be pretty stupid if you are posting from a location with other computer users nearby. Allowing your browser to supply passwords is fine if you are sure nobody else will use your machine, but if you are in a dormitory, and leave your machine unattended, then it may not be the most sensible thing to do.

So do we have a profile of the people who are losing their accounts? Are most of them posting from educational establishments or libraries?

Topic: Why are so many accounts being reported as hacked? (Read 208 times)