Bitcointalk Hacked, User Data Possibly Leaked

Tuesday, 26/05/2015 | 14:32 GMT by Leon Pick

One of Bitcoin's longest standing and most used forums, Bitcointalk (Bitcoin Forum), has reportedly been attacked by a hacker, who may have accessed sensitive data for thousands of users.

Approximately 500,000 users are registered on Bitcointalk, though not all of them are active.

Theymos, the forum's administrator, posted:

"On May 22 at 00:56 UTC, an attacker gained root access to the forum's server. He then proceeded to try to acquire a dump of the forum's database before I noticed this at around 1:08 and shut down the server. In the intervening time, it seems that he was able to collect some or all of the "members" table. You should assume that the following information about your account was leaked:

- Email address

- Password hash (see below)

- Last-used IP address and registration IP address

- Secret question and a basic (not brute-force-resistant) hash of your secret answer

- Various settings"

He went on to assess that the hacker did not access personal messages or other sensitive data. He also assessed the likelihood of the hacker successfully cracking the leaked password hashes, which depends on each password's length and the variety of characters used. While in many cases passwords would take unreasonably long to crack, those which contain real words and phrases should be assumed broken.

An initial assessment indicates that the hacker remotely accessed credentials to the forum from its server, and that a problem at the internet service provider's (ISP) end is to blame. The hacker then convinced the ISP that he was theymos, based on the credentials. The ISP reset the server for him, which gave him complete access to it and allowed him to bypass most of the forum's "carefully-designed security measures."

The hacker's e-mail was identified as: lopaz291@safe-mail.net

A bounty of 15 units of Xaurum cryptocurrency (XAU), converted to bitcoin, is being offered for info on the attacker's real-world identity. One XAU is currently worth approximately 0.57 BTC ($130.11).
