Bitcointalk Hacked, User Data Possibly Leaked

One of Bitcoin's longest standing and most used forums, Bitcointalk (Bitcoin Forum), has reportedly been attacked by a hacker,

One of Bitcoin’s longest standing and most used forums, Bitcointalk (Bitcoin Forum), has reportedly been attacked by a hacker, who may have accessed sensitive data for thousands of users.

Approximately 500,000 users are registered on Bitcointalk, though not all of them are active.

Join the iFX EXPO Asia and discover your gateway to the Asian Markets

Theymos, the forum’s administrator, posted:

“On May 22 at 00:56 UTC, an attacker gained root access to the forum’s server. He then proceeded to try to acquire a dump of the forum’s database before I noticed this at around 1:08 and shut down the server. In the intervening time, it seems that he was able to collect some or all of the “members” table. You should assume that the following information about your account was leaked:
– Email address
– Password hash (see below)
– Last-used IP address and registration IP address
– Secret question and a basic (not brute-force-resistant) hash of your secret answer
– Various settings”

Suggested articles

What Are Some Solutions to Increased Mobile Security Threats?Go to article >>

He went on to assess that the hacker did not access personal messages or other sensitive data. He assessed the likelihood of the hacker successfully de-encrypting passwords, which depends on their length and variety of characters used. While in many cases, passwords would take unreasonably long to crack, those which contain real words and phrases should be assumed broken.

An initial assessment indicates that the hacker remotely accessed credentials to the forum from its server, and that a problem at the internet service provider’s (ISP) end is to blame. The hacker then convinced the ISP that he is theymos, based on the credentials. The ISP reset the server for him, which gave him complete access to it and allowed him to bypass most of the forum’s “carefully-designed security measures.”

The hacker’s e-mail was identified as:

A bounty of 15 units of Xaurum cryptocurrency (XAU), converted to bitcoin, is being offered for info on the attacker’s real-world identity. One XAU is currently worth approximately 0.57 BTC ($130.11).

Got a news tip? Let Us Know