Silk Road forums

Discussion => Newbie discussion => Topic started by: Hamburgler21 on May 10, 2013, 07:23 am

Title: Locked Out of My SR Account
Post by: Hamburgler21 on May 10, 2013, 07:23 am
So ive only been a member of SR for like a month and already my main account was accessed and the PW was changed, I had pending orders, cancels, BTC etc in my account... Ive sent a message to support but haven't heard back and could take 48 hours. By then ill be SHOCKED if any of my btc is left!  :(

This is unacceptable, there NEEDS to be something in place to close, freeze or at least resolve a hacked account ASAP, this is peoples money and more at stake here  >:(

In my other post on this it appears others have had their account hacked also in the past day or two so beware people!
Title: Re: My SR account HACKED Beware!
Post by: scout on May 10, 2013, 07:34 am
This is unacceptable, there NEEDS to be something in place to close, freeze or at least resolve a hacked account ASAP, this is peoples money and more at stake here  >:(

Which is exactly why you have a presumably strong password AND a strong PIN.  No one can get the bitcoins from your account without both of those pieces of information.  Those are the things in place to prevent people from stealing your bitcoins.  If your account was accessed, then it is probably because you, at some point, put your password and PIN into a phishing site that looks like SR but was created to trick people.  Either that, or you're mistyping your password or your password and PIN were stolen somehow.  Have you ever used the same login info anywhere else?

Quote
In my other post on this it appears others have had their account hacked also in the past day or two so beware people!

That's not true at all, actually.  No one's account has been hacked.  What you're referring to are vendors who gave their passwords and PINs to a phishing site.  People didn't break into their accounts - they simply logged in using information the vendors provided.
Title: Re: My SR account HACKED Beware!
Post by: MisterMcfeely on May 10, 2013, 07:35 am
How exactly do you think your account was hacked?

Were you a victim of a phishing scam?


Mister McFeely
Title: Re: My SR account HACKED Beware!
Post by: Hamburgler21 on May 10, 2013, 07:46 am
This is unacceptable, there NEEDS to be something in place to close, freeze or at least resolve a hacked account ASAP, this is peoples money and more at stake here  >:(

Which is exactly why you have a presumably strong password AND a strong PIN.  No one can get the bitcoins from your account without both of those pieces of information.  Those are the things in place to prevent people from stealing your bitcoins.  If your account was accessed, then it is probably because you, at some point, put your password and PIN into a phishing site that looks like SR but was created to trick people.  Either that, or you're mistyping your password or your password and PIN were stolen somehow.  Have you ever used the same login info anywhere else?

Quote
In my other post on this it appears others have had their account hacked also in the past day or two so beware people!

That's not true at all, actually.  No one's account has been hacked.  What you're referring to are vendors who gave their passwords and PINs to a phishing site.  People didn't break into their accounts - they simply logged in using information the vendors provided.

I didn't come up with the strongest UN + PW in history but still strong non the less! Ive only ever used the same url to log in so unless the main site stole my credentials during the last few attacks, than no I did not give my information to a phishing site.

Sorry I guess I must have misunderstood when other people said their accounts were also hacked recently...  Lets not turn the victims into the bad guys okay? It did happen to me so id like to throw a warning out to others since it obviously is possible.
Title: Re: My SR account HACKED Beware!
Post by: android465764E on May 10, 2013, 07:50 am
The strongest passwords have letters, numbers, symbols, and a mix of upper and lower-case letters.
Never use real words, dates, or the same password twice.

Just my 2 penneth.
Title: Re: My SR account HACKED Beware!
Post by: scout on May 10, 2013, 07:50 am
During the attacks on SR, no one had their accounts compromised - that's not the kind of attack we were under.

Always make sure you are at the following URL:  silkroadvb5piz3r.onion   ... and never provide your PIN at the login screen.  If it asks for one, it's a phishing site url.

Once support is able to reset your password for you and you get back into your account, make sure that your password and PIN are both strong.  Keep in mind that the PIN should not just include numbers!
Title: Re: My SR account HACKED Beware!
Post by: Hamburgler21 on May 10, 2013, 07:54 am
Yeaaahhh gonna strengthen all login info for sure after this! Pardon my freakout and all Im Just hoping I don't loose any btc in the process...
Title: Re: My SR account HACKED Beware!
Post by: Hamburgler21 on May 12, 2013, 05:06 pm
WELLLLLLLL.........   72 hours later and still not a single response from support! MY Account is still 100% inaccessible...


This is why I think that there NEEDS to be a quick response support in the event of a compromised account... Even if my PIN is strong the thief has now had over 3 days to crack my PIN and steal all my BTC!
Title: Re: My SR account HACKED Beware!
Post by: smokecrack on May 12, 2013, 05:12 pm
umm, yeah... no.... you weren't hacked. imagine the time it would take to brute force over such a slow network. didn't happen. maybe you used the wrong URL and didn't realize it. seen it time and time again.

take responsibility for your actions and quit blaming others.
Title: Re: My SR account HACKED Beware!
Post by: abitpeckish on May 12, 2013, 05:22 pm
So ive only been a member of SR for like a month and already my main account was hacked recently, I had pending orders, cancels, BTC etc in my account... Ive sent a message to support but haven't heard back and could take 48 hours. By then ill be SHOCKED if any of my btc is left!  :(

This is unacceptable, there NEEDS to be something in place to close, freeze or at least resolve a hacked account ASAP, this is peoples money and more at stake here  >:(

In my other post on this it appears others have had their account hacked also in the past day or two so beware people!

Do not leave any more BTC in your account at any given time for longer than you absolutely need it to be there. It takes maybe an hour at worst to move your BTC to SR when you need it. It is absolutely a bad idea to keep BTC in your SR account. You should either be managing your own wallet or only dealing with exactly as much BTC you need to make transactions on a case-by-case basis.
Title: Re: My SR account HACKED Beware!
Post by: z3n on May 12, 2013, 06:28 pm
The fact that you can't login doesn't necessarily means that your account have been 'hacked' as you call it.

Did you log into a site  looking like SR but on another URL? If so, did this site ask you for your pin?

As long as you didn't answer those simple questions, it will be rather difficult to help you out...

Anyway, I hope that you'll get some help from support rather soon :)

Title: Re: My SR account HACKED Beware!
Post by: Hamburgler21 on May 12, 2013, 08:50 pm
umm, yeah... no.... you weren't hacked. imagine the time it would take to brute force over such a slow network. didn't happen. maybe you used the wrong URL and didn't realize it. seen it time and time again.

take responsibility for your actions and quit blaming others.

How bout you go back to smoking your crack there chief, cause you don't have a clue what your talking about.

Ive stated it many times, but I guess we got have a lot of lazy readers here ::) IVE ONLY EVER USED 1 URL to log in. The correct URL since Ive been on SR. Ive never logged into a phishing site, or provided my pin anywhere. Its NOT even possible since its always the SAME URL that i use. I'm very careful.

Now unless SR has taken control of my account there is NO other explanation as to why I cannot access my own account. So it was either broken into (which is very possible) or SR removed me? (less possible I guess?). In either event It can happen and sucks that none can help. This is a warning to all of you to make damn sure you have VERY strong passwords!
Title: Re: My SR account HACKED Beware!
Post by: Libertas on May 12, 2013, 09:02 pm
umm, yeah... no.... you weren't hacked. imagine the time it would take to brute force over such a slow network. didn't happen. maybe you used the wrong URL and didn't realize it. seen it time and time again.

take responsibility for your actions and quit blaming others.

How bout you go back to smoking your crack there chief, cause you don't have a clue what your talking about.

Ive stated it many times, but I guess we got have a lot of lazy readers here ::) IVE ONLY EVER USED 1 URL to log in. The correct URL since Ive been on SR. Ive never logged into a phishing site, or provided my pin anywhere. Its NOT even possible since its always the SAME URL that i use. I'm very careful.

Now unless SR has taken control of my account there is NO other explanation as to why I cannot access my own account. So it was either broken into (which is very possible) or SR removed me? (less possible I guess?). In either event It can happen and sucks that none can help. This is a warning to all of you to make damn sure you have VERY strong passwords!

There is also the possibility that you had - or indeed have - a keylogger running on your system. You should check for this, and guides for doing so are available on the clearnet; you can search for them through Tor.

Having your account 'broken into' is not "very possible", it is possible but highly implausible. It would take thousands of years to brute-force a 6 - 8 character long password using random lowercase characters - a more complex password would take much, much longer, and the more complex a password gets the time required to brute-force it grows exponentially.

Would you consider editing the title of your thread to reflect the fact that your account was NOT hacked, as it may be causing other newer members to worry unecessarily? :-\

Libertas
Title: Re: My SR account HACKED Beware!
Post by: scout on May 12, 2013, 09:06 pm
Changing the title of this thread to prevent unnecessary community panic over an issue that is NOT the result of "hacking".
Title: Re: My SR account HACKED Beware!
Post by: smokecrack on May 12, 2013, 09:08 pm
umm, yeah... no.... you weren't hacked. imagine the time it would take to brute force over such a slow network. didn't happen. maybe you used the wrong URL and didn't realize it. seen it time and time again.

take responsibility for your actions and quit blaming others.

How bout you go back to smoking your crack there chief, cause you don't have a clue what your talking about.

Ive stated it many times, but I guess we got have a lot of lazy readers here ::) IVE ONLY EVER USED 1 URL to log in. The correct URL since Ive been on SR. Ive never logged into a phishing site, or provided my pin anywhere. Its NOT even possible since its always the SAME URL that i use. I'm very careful.

Now unless SR has taken control of my account there is NO other explanation as to why I cannot access my own account. So it was either broken into (which is very possible) or SR removed me? (less possible I guess?). In either event It can happen and sucks that none can help. This is a warning to all of you to make damn sure you have VERY strong passwords!

i dont smoke crack. i have an account that has a password that is in the dictionary. nobody is going to be able to brute force your SR account. that would take forever. i bet you used the wrong URL before.
Title: Re: My SR account HACKED Beware!
Post by: smokecrack on May 12, 2013, 09:10 pm
Changing the title of this thread to prevent unnecessary community panic over an issue that is NOT the result of "hacking".

dont change it scout. this guy is a fucking genius that never got phished and he knows that for a fact. either his account was hacked or its administration. thats a FACT! this hacker wanted his account and his account only, or maybe administration wanted his account.

THIS IS UNACCEPTABLE!
Title: Re: Locked Out of My SR Account
Post by: michael58 on May 12, 2013, 09:36 pm
Hamburgler ...... I have read what you said and I can only wonder if there is ANY chance you did or did not use a required caps key ..... transposed numbers or alphas ..... I do believe you when you say you can not access your account. I can't be as sure your account was hacked. I believe when I signed up that there was a BIG disclaimer that if you loose or forget your password info that SR would not be able to help you and God knows there couldn't be anything more frustrating than not being able to access this particular account. I know when things go wrong for me at work the best solution is generally to just walk away from it for awhile get a cold drink relax and go back to it with a fresh start and clear mind. Easy for me to say I know.

I treat my account exactly like Abitpeckish said ....... never keep any more bitcoins in my account then I need to do whatever transaction I want to complete. Myself and friends using this site prefer to use DWOLLA ....... it takes a few days to fund Dwolla but you can keep a cash balance there and when you need to make a transaction on SR you simply do a transfer to MTGOX buy your bitcoins and transfer them to SR to make your purchase and your done. Provided your DWOLLA account is funded the entire process takes a few hours and you never have to leave the comfort of your easy chair to get it done.

Dwolla ...... Mtgox ...... and SR are all protected by different passwords and logins so it kind of adds a separate layer of protection. I really hope you get things sorted out ...... Best of luck !!

There also is a very simple device that logs key strokes ( LIbertas .....Data logger ) It simply inserts between you keyboard plugin and your desk top assuming you are using a desk top. This would have to be an inside job meaning someone form within you home. A friend of mine caught his wife cheating using one of these to get her log on to her e-mail account.
Title: Re: My SR account HACKED Beware!
Post by: Hamburgler21 on May 13, 2013, 05:55 am
Changing the title of this thread to prevent unnecessary community panic over an issue that is NOT the result of "hacking".

dont change it scout. this guy is a fucking genius that never got phished and he knows that for a fact. either his account was hacked or its administration. thats a FACT! this hacker wanted his account and his account only, or maybe administration wanted his account.

THIS IS UNACCEPTABLE!

Pretty hard to get phished when you save only 1 url for specific repeated use. Probably very difficult for a crack head like yourself to possibly imagine someone actually following procedures to prevent this very thing... Real mature of you trolling a thread about a jacked account btw.


Hamburgler ...... I have read what you said and I can only wonder if there is ANY chance you did or did not use a required caps key ..... transposed numbers or alphas ..... I do believe you when you say you can not access your account. I can't be as sure your account was hacked. I believe when I signed up that there was a BIG disclaimer that if you loose or forget your password info that SR would not be able to help you and God knows there couldn't be anything more frustrating than not being able to access this particular account. I know when things go wrong for me at work the best solution is generally to just walk away from it for awhile get a cold drink relax and go back to it with a fresh start and clear mind. Easy for me to say I know.

I treat my account exactly like Abitpeckish said ....... never keep any more bitcoins in my account then I need to do whatever transaction I want to complete. Myself and friends using this site prefer to use DWOLLA ....... it takes a few days to fund Dwolla but you can keep a cash balance there and when you need to make a transaction on SR you simply do a transfer to MTGOX buy your bitcoins and transfer them to SR to make your purchase and your done. Provided your DWOLLA account is funded the entire process takes a few hours and you never have to leave the comfort of your easy chair to get it done.

Dwolla ...... Mtgox ...... and SR are all protected by different passwords and logins so it kind of adds a separate layer of protection. I really hope you get things sorted out ...... Best of luck !!

There also is a very simple device that logs key strokes ( LIbertas .....Data logger ) It simply inserts between you keyboard plugin and your desk top assuming you are using a desk top. This would have to be an inside job meaning someone form within you home. A friend of mine caught his wife cheating using one of these to get her log on to her e-mail account.

Thanks bud. I came here to see if there was a solution to reclaiming my account but also to provide a warning to keep strong PW and pins to others. People can BS all they want and I dont blame them for not believing what im saying. But I do know the facts, and that's why im telling others to be more careful than myself...

It does say a lot about a community that when you have a shitting thing happen to you and then try to use that thing to help others, peoples reaction is to immediately jump down your throat, insist your wrong and that don't have a clue what your talking about, even Mods... That just strikes me as very odd.

To answer a few of your concerns, I did not forget my login info. I appreciate your help and suggestion to look at it with a clear mind, but I never had anything other than a clear clam mind. I don't know how to put it more clearly but I know what my login info is, and it simply no longer works. #1 I wrote it down and im looking at the paper now that has worked 100% of the time until that one day, and not since. #2 Ive tried every possible combination that I could have altered, capp'ed etc... #3 It was a VERY f'ing simple PW, a 6 yr old couldn't have forgotten or typed it wrong... Which brings me back to my main point, Since I can say with 100% certainty I did not access another url outside of the ONLY one i saved to access SR, I'm pretty sure someone guessed my PW, and guessed correctly. I assumed like many of these doubters who (are telling me I don't know what im saying) even a simple PW would take WAY to long to crack. Well it didn't in my case. I'm not placing blame on anyone but myself for not making a stronger PW, but the bottom line is, im not the Jackass who (by whatever means) broke into someone else's account and changed their PW.

As a few mentioned I shouldn't have kept btc in my account. Well I don't keep btc in my account. It just so happened that I had 2 vendors cancel orders on me and another 2 orders "pending" with no response (that I can assume may have been also canceled) and right before my account went under the btc were transferred back to my account... No inside jobs here, Im the only person that uses my computer. This was a simple case of me assuming I could get by with only a weak PW... Anyway thanks for the unassuming response, among some unreasonable and assuming posters.

To anyone else that's reading this and feel like telling me how right you are and how dumb I am, you can rest assured I wont be reading your post.  I retort, this post was to call attention to the need for a response to recover any lost account (regardless of how it was lost or stolen) AND to tell you to keep strong Logins and Passwords ALWAYS even when you think its not necessary!

 
Title: Re: Locked Out of My SR Account
Post by: android465764E on May 13, 2013, 08:41 am
The way I see it, one of two things has happened..

Either you logged in at a phishing site, or you have malicious software on your PC logging your passwords.

Since you're adamant that you've only used the correct URL, have you looked into the possibility of keylogging? 

As others have said, it's highly unlikely that your account was straight hacked.

Does anyone else know your password? Could anyone have seen you enter it?

If it were me, I'd be scanning for keylog programs like a maniac about now...
Title: Re: Locked Out of My SR Account
Post by: aredhel on May 13, 2013, 09:18 am
My account has been stable since 8 months, and I believe this is one of the most trustworthy websites.

I often have trouble logging in, I type correct name and password a few times and it simply rejects me, even when I try multiple times.
An hour or a day later it would work again. Must be a cookie or Tor thing.

Hamburgler, perhaps try again some hours later or perhaps try "changing your identity" on Tor. Or, delete the SR related cookies in your browser.

And yes I'm always checking the URL (of ANY site) when I type my logins - I'm very aware of those phishers ;)
Title: Re: Locked Out of My SR Account
Post by: abitpeckish on May 13, 2013, 06:24 pm
ITT: Willing participant in a black market complains about not having access to the amenities generally found in "legitimate" markets. Lulz were had.