Silk Road forums
Discussion => Newbie discussion => Topic started by: Hamburgler21 on May 14, 2013, 09:45 pm
-
Okay so this IS the second time I'm posting the message. Please do not change my title again.
In my first thread I tried to warn the community that my SR account had been broken into or hacked somehow. I was then basically told I didn't know what I was talking about (since it's not possible), mocked in my thread, and was told it was my fault somehow??
They even went so far as to change the title of my post saying that accounts couldn't be hacked and even if it was broken into my BTC were in no danger because I had a strong PIN number...
WELL GUESS WHAT?? I WAS RIGHT THE WHOLE TIME! >:( 4 days later SR Support got back to me with a password reset and I got back into my account finally today. Well, by this time someone went through and canceled all my orders, requested refunds, cracked my PIN number, and withdrew all my BTC. I had only JUST put BTC in my account to make a purchase and had other BTC tied up with slow shipping vendors. Well the vendors gladly obliged and quickly refunded this account hacking ass clown, and I had over 1.5 BTC stolen from my account!!
Now, allow me to retort with the original information I provided in my post before I was told I was crazy. I NEVER provided my information to a phishing site. I ALWAYS used the same accurate URL when going to SR. My Password was strong, but not the kind of strong that you go out of your way to make sure no one could ever force their way past. My PIN was also strong and they clearly had no trouble cracking it also to take my BTC from my account.
I'll say it again, accounts can and are being broken into, this was an account I've only had active for maybe 3 weeks. There NEEDS to be a way to recover an account that has been overtaken so people are not robbed blind (like I was) while there was nothing I could do but wait days for a response.
-
You're claiming that your password and PIN were strong, that you never provided it to a phishing site, and that somehow someone cracked both your password and PIN?
Then you note that "My Password was strong, but not the kind of strong that you go out of your way to make sure no one could ever force their way past."
WHY WASN'T IT? If you have a strong password, no one should be able to guess it. The fact that you mention that you didn't make it strong enough to prevent that is reiterating the fact that this could have been avoided by using a strong password.
You should ALWAYS use strong passwords. Why would you ever use a password that you acknowledge is not strong enough to prevent someone from guessing it? Seems pretty counter-intuitive.
You complain about there needing "to be a way to recover an account ... so people are not robbed blind" --- if your password and PIN are strong, you will not be "robbed blind" because no one will be able to gain access to your account simply by somehow GUESSING your password AND PIN!
I'm sorry that you lost money, but you said it yourself - you didn't protect it well enough because you weren't using a strong password. (or you claim to be using a strong password but "not strong enough" to prevent this type of thing from occurring.)
-
You must have been phished or logged in and used your PIN on a compromised computer.
-
This is unfounded FUD and the title was rightfully changed.
-
You guys can say whatever you want but I know the facts and I'm trying to prevent it from happening to others.
Yes, even though my Password could have been stronger my PIN WAS strong. Not only is it the 1 and only URL I ever used to log into SR with BUT I never would provide my PIN number to any site asking for it. THAT'S INSANELY STUPID! How dumb would someone need to be to willingly provide all 3 pieces of information to their account? Oh btw anyone want my SS and bank account numbers while we're at it?? I never provided my PIN anywhere or to anyone. I am the sole user of my computer.
So the fact that my password could have been guessed or cracked still leaves the fact that whoever broke into my account then was able to crack a difficult PIN number? How do you figure that one? A freaking miracle guess?
Since this is my fault and all, let's talk about passwords for a min... When I say it "wasn't a password that could prevent all break-ins for life" I'm talking about a "standard password" example: JoeMightyShits
Do we really have to assume that "JoeMightyShits" is NOT strong enough and that it could be hacked in a few days?
Sorry but not all passwords look like this "972xYKAkadfUasUASB*&%783$@#JASjkHDklIsMwGl:'(&^YYraPtz"
-
Sorry but not all passwords look like this "972xYKAkadfUasUASB*&%783$@#JASjkHDklIsMwGl:'(&^YYraPtz"
I only lost .45 BTC. Now my passwords and my pins look very similar to that. Never again. I know it sucks. I was sick for two days over my loss, and I'm still not convinced 100% that I got phished. If I did, it was a long time ago when I first started poking around on here. Sorry that happened to you, man.
-
There are only 3 ways for your account to be compromised:
1. Compromised computer (malware, trojan, etc.)
2. Onion.To and the like
3. Phishing
That being said, whatever underlying software SR runs on has been claimed to be safe. How accurate is that statement? Well, pretty accurate, otherwise we'd have a bunch of noobs on here complaining that their SR account got hacked, their orders were cancelled and all their BTC was stolen.
So, yeah, it's one of the top 3.
Might I suggest only accessing SR via a CD with Tails via a Tor'd VPN? Just saying.
-
Also, when you say "PIN number" I worry that this means your PIN was a 4 digit numeric code like a bank PIN ... when in reality, it should consist of numbers, letters, etc. and should be way more than 4 characters long.
Was your PIN a 4 digit numeric code?
Sorry but not all passwords look like this "972xYKAkadfUasUASB*&%783$@#JASjkHDklIsMwGl:'(&^YYraPtz"
But they should.
-
I know that it comes too late and is probably annoying, but the best policy in future is to use a password manager like KeePass.
Then you have your URLs and Passwords and Usernames all setup, with complex passwords, keylogger protection, encrypted password storage and so on.
Do it now for all your online accounts. It'll save you at least ten minutes screwing around every day if you're an average to moderate internet user even. You'll be able to log in faster, won't forget passwords and it is far more secure. Makes phishing more or less impossible.
Never use an online storage facility though. Holy fuck is that the ultimate bad idea. You might as well FedEx your SR account login to the FBI while you're at it.
Do it now for everything you have that is internet related, all the accounts, urls and so on. Losing that 1.5 BTC might actually save you a lot more in the long run.
Note: You shall have to change all your passwords for all your old accounts for this to make sense.
-
Do I read that right? Shipments were refunded and people finally finalized and you loaded your account to make purchases and 1.5 BTC were stolen??????? This is a cheap lesson for you on security measures.....
How about the people whose shipping info was just exposed to the hacker???? Did you warn them they may have been compromised?
-
I am calling BS on this. Your SR account wasn't hacked, your computer was. It's called a keylogger... It's the ONLY way this makes sense, otherwise it is a BS story. PERIOD. I work in computer security and hacking, there is absolutely NO way, unless you used passwords like 1234 and 4 digit pins that match the account password. Anything over 4 digits would take months to crack, unless it was keylogged...
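The argument running through this thread (is a 4-digit numeric PIN or a password like "JoeMightyShits" guessable, and what should replace it) can be made concrete with a small strength estimator. The script below is an added example, not code from the forum, from Silk Road, or from any poster: it estimates the search space an attacker would have to cover for a given secret, converts that into a worst-case exhaustion time at an assumed guess rate, and generates a replacement from the OS CSPRNG the way a password manager such as KeePass does. The guess rates used in `main()` (10 guesses/s for throttled online guessing, 10^9 guesses/s for an offline attack on a leaked hash) are constructed assumptions for illustration, not measurements of any real site or service.

```python
import math
import secrets
import string

# Character classes used to bound the search space. Assumption for this
# example: the guesser knows which classes are present, nothing more.
CLASSES = [
    ("lower", set(string.ascii_lowercase)),
    ("upper", set(string.ascii_uppercase)),
    ("digit", set(string.digits)),
    ("symbol", set(string.punctuation)),
]


def alphabet_size(secret: str) -> int:
    """Size of the union of character classes needed to cover every character."""
    size = 0
    for _name, chars in CLASSES:
        if any(c in chars for c in secret):
            size += len(chars)
    # Characters outside the four classes (spaces, non-ASCII) are counted one by one.
    extra = {c for c in secret if not any(c in chars for _, chars in CLASSES)}
    return size + len(extra)


def entropy_bits(secret: str) -> float:
    """Upper-bound entropy in bits: length * log2(alphabet). 0 for an empty secret."""
    if not secret:
        return 0.0
    return len(secret) * math.log2(alphabet_size(secret))


def seconds_to_exhaust(secret: str, guesses_per_second: float) -> float:
    """Worst-case seconds to try every candidate of the same length and classes."""
    if not secret:
        return 0.0
    return alphabet_size(secret) ** len(secret) / guesses_per_second


def generate_secret(length: int = 20,
                    alphabet: str = string.ascii_letters + string.digits + string.punctuation) -> str:
    """Draw a secret from the OS CSPRNG, as a password manager would."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def human_time(seconds: float) -> str:
    """Render a duration coarsely for the report table."""
    year = 365.25 * 24 * 3600
    if seconds >= year:
        return f"{seconds / year:.3g} years"
    if seconds >= 3600:
        return f"{seconds / 3600:.3g} hours"
    return f"{seconds:.3g} seconds"


def main() -> None:
    # Sample secrets: a bank-style PIN, the poster's own example, a generated one.
    online_rate = 10.0      # assumption: rate-limited online guessing
    offline_rate = 1e9      # assumption: offline attack on a leaked hash
    samples = ["1234", "JoeMightyShits", generate_secret(20)]
    print(f"{'secret':<24}{'bits':>8}{'online':>16}{'offline':>16}")
    for s in samples:
        print(f"{s:<24}{entropy_bits(s):>8.1f}"
              f"{human_time(seconds_to_exhaust(s, online_rate)):>16}"
              f"{human_time(seconds_to_exhaust(s, offline_rate)):>16}")


if __name__ == "__main__":
    main()
```

The model is deliberately generous to the attacker (it assumes the character classes are known) and generous to the defender (it ignores dictionary structure, so a real-word password scores higher here than a wordlist attack would treat it). The useful reading is relative: a 4-digit numeric PIN has about 13 bits and falls to a few thousand guesses, which is why the question "was your PIN a 4 digit numeric code?" above matters so much, while a 20-character secret from the full printable set sits near 130 bits.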