Topic: Why bctalk accounts are getting hacked? (Read 428 times)

Yeah I did.
But didn't read several replies as the OP already gave me the information I'm looking for. Anyway thanks for the info.
Thanks @mdayonliner.

Did you even read the link I posted? Or just the title?

The forum software (SMF) includes the Secret Question method of recovery by default. However, theymos disabled that option for security purposes due to the 2015 hack that leaked the Secret Questions and Answers of the users. He didn't change the page text (that says you can recover your acc with the Secret Question), but it doesn't matter.

I never seen any stats. My one was just an assumption.

Don't worry... follow this

I never tried/used secret password and I don't plan to use it for unknown reasons but if no one can access your account by just using it, why it says "To help retrieve your password, enter a question here with an answer that only you know. Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account. It's like a second password."

It means anyone who can guess it will have access to the account because it's like a second password and is used to retrieve the account. I'm really confused which one to believe. But I don't want to try it myself.

But actually, I've set a secret question in my account before. I just forgot what's the answer  

---

I've read the topic about this secret question in the link you have provided in the first page but I'm just wondering why the description says different. Well I believe you now as there are several members who already tested it out.

If you are so sure about this, why don't you set up a Secret Question and try yourself?

Spoiler: NO. No one can access your account with just the secret answer. This will only lock your account - as explained in the previous page. Please read the whole thread before making a new post.

I'm also wondering why there are still issues about hacked account excluding those accounts that has been hacked in that database leak back in 2015. I mean, are they too careless?

I'm thinking that maybe some bounties also contains phishing. Some bounties requires a some sort of "google form" where applicants must fill up first and it's possible that some of those forms are phishing. As we can see, most of those reported accounts that has been hacked are participating bounties.

That would definitely avoid phishing links   but not all links posted in this forum are phishing. I prefer "Checking the link first before clicking it" since some links are useful and some are obviously not phishing.
Yeah, people would be so stupid to put "123455789" or "qwerty" etc as their password. Though some really do  

I'm taking good care of my account, I'm checking links before I click them, I'm not logging in to any public PC or someone else's phone and I'm using a strong password, lets just see if my account will still be hacked in the future. But I'm hoping I will not happen.

My additional tip is to avoid joining bounties/airdrops or check their form first before putting information or clicking the link. It's really possible that some phishing links are from other bounties/airdrops.

Is anyone ever think of that?

It's probably because I'm right that most of these accounts are participating bounties where some bounties contains phishing.

Please either dont quote a message or fully quote it ...


You can see this in your profile>Account Related Settings>Secret Question
Its written in BOLD :

Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account. It's like a second password.

This is true it is due to the fact that most users are of low rank as the photo below shows, and of course the people who have been here on the forum for a long time have also learned about how others protect themselves, so I think that, apart from the accounts attacked during the hacker attack, the oldest accounts are the safest ones


credits to: https://bitcointalksearch.org/topic/2-million-users-and-their-stats-4901670

This is a very good point. I nearly fell for a Phishing Scam after clicking on a link posted in the Services board. The link took me to a page looking identical to the login screen of bitcointalk.org. Luckily for me, I checked the URL, which of course wasn't on the bitcointalk domain, and I didn't enter my login data. But someone else (or me in a different situation) might have overlooked the URL check.

Most of the accounts are registered after 2015


No, frequent users do not use google to connect to the forum. Either they type the URL address or they use the bookmarked URL in their browser
There are more accounts hacked with a low rank than a hight one

I hardly believe the number of people using a weak password is so hight

The reason why the accounts are hacked seems obvious to me and is an economic move, accounts stolen are used to wear the signature with a high rank or to be sold.
High rank accounts can be worth thousands of dollars and provide thousands of dollars from various signatures campaigns.
How are these accounts hacked? First of all the ignorance of the users.
Edit: (somone wrote this link seconds before me )
You can follow this guide to learn more about the security of your account https://bitcointalksearch.org/topic/m.44294262

My MEW was hacked yesterday. the reason is because i joined some airdrops yesterday. most of the time phising site , copyboard, using same Email and password for every wallet, saving password in browser etc. there are many other reason and many new ways created everyday. For your protection https://bitcointalk.org/index.php?topic=4920096.0%20[Guide read this topic. It will be helpful.

Spot on! Secret Question account recovery just locks the account, it has nothing to do with account hack.

I remember I was worried about Secret Question too since I heard that it can lock the account. I was looking for help here and there to know how to remove it so that I can feel safe. Then one day after following a post, I gave it a try to remove it and it worked. Since then I have no secret question attached with my account.

Database leak become the main reason why many account got hacked.
Why they want to hack ?
Because some account may worth more than $ 1000 !

AFAIK, the "Secret Question" actually locks your account. So I don't think it's one of the major reasons why many accounts are getting hacked. My guess is that most people are getting hacked because they are using the same password in other websites - e.g ICO related websites/dashboards, which is even worse - or because their computer are infected. I've never seen a tech-savvy user getting hacked here.

It didn't.

For reference: PSA: ACCOUNTS WILL BE LOCKED IF THE SECRET QUESTION IS USED TO RECOVER IT

I hope that the launched of the new bitcointalk forum will have a more security feautures like 2fa or the use of verified signed bitcoin address.
If the "Secret Question" is one of the reasons why accounts are being hacked, then why is it still there? More people will get confused whether they will use it or not.

Based from my findings, most of the hacks are because of the database leakage last 2015 and also the security features of the site that time that are not yet fixed that time, and also to those people that are not changing their passwords.

The reasons why people are getting hacked are most likely not only because of the security question feature. There are a lot of ways of people getting hacked. I personally think the #1 reason is still that people use the same passwords on multiple accounts; and if one of those account's password gets leaked, then the hacker pretty much has access to almost every account the user has. And that's just the tip of the iceberg. There are lots more ways.

Actually most of the hacks are coming from "Secret Question".
If you dont have "Secret Question" and want to change email or password, forum will send you email notification to approve your request.
But if you have "Secret Question" , it will ask it, then the hacker have unlimited tries/retries to guess the answer and change your email and password.

Mine got hacked by my "Secret Question" .

I don't think that database leak in 2015 is the main reason of high number of hacked accounts. As I see, biggest number of hacked accounts was made after 2015. So, probably main reason of account hacks is phishing websites and people using weak passwords.