ThomasV
Twitter and GMX accounts compromised
December 10, 2014, 10:14:08 AM #1

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

I am Thomas Voegtlin, main developer of the Electrum Bitcoin
wallet.

On Dec. 6th, 2014, my GMX email account has been compromised and its
password was reset. Using access to my GMX account, the attacker could
obtain a password reset of my @ElectrumWallet Twitter account, and
posted racist messages on it. I have since then regained control of my
GMX email account, and I hope that the Twitter situation will get
resolved soon.

The Electrum website, SSL certificate, Github account, were not
affected by the attack, and the source code of Electrum was not
modified.

At this point it is not known how my GMX account was compromised, so I
will consider that email address as permanently compromised, even if I
have regained access to the account. I will post more information once
the situation is fully resolved.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1




-----END PGP SIGNATURE-----

Electrum : the convenience of a web wallet, without the risks

molecular
Re: Twitter and GMX accounts compromised
December 16, 2014, 11:19:52 PM #5

I'm starting to suspect some problem at gmx.

My gmx account password was changed on the 12th (not by me). I don't know how they did it and gmx isn't helping.

Regained access by sending credentials and shit to gmx.

Strangely, I couldn't find any traces of activity by the bad guy(s).

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769

molecular
Re: Twitter and GMX accounts compromised
December 31, 2014, 03:20:30 PM #6

my gmx password was changed again on 12/30 (wasn't me)

now, I was at CCC (German 'hacker' congress) and accidentally had wifi enabled on the first day. My K9 mail polls all my mail accounts regularly via IMAP. The settings of the gmx account were to use STARTTLS and 'normal password'. Since I'm assuming this is safe (assuming TLS > 1.0 is used and the 'normal password' is sent via TLS encrypted channel, correct me if I'm making wrong assumptions), I find it more likely that the "gmx password reset exploit" has been used again on me (see previous mail).

I now consider gmx to be incompetent and their service to be highly unsafe. I moved all of 22743 emails from their servers and will change the email on all important sites I used it on.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
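Added example, not part of the thread or any poster's code: the "STARTTLS plus normal password" assumption in the post above only holds if the mail client enforces three things, which this Python sketch checks before a plain LOGIN is allowed. The function names, the sample greetings and the TLS 1.2 floor (stricter than the "TLS > 1.0" mentioned in the post) are assumptions made for illustration.

```python
import imaplib
import ssl

WEAK_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def greeting_caps(greeting: bytes) -> set:
    """Capabilities advertised in a pre-TLS '* OK [CAPABILITY ...]' greeting."""
    text = greeting.decode("ascii", "replace").upper()
    if "[CAPABILITY " not in text:
        return set()
    return set(text.split("[CAPABILITY ", 1)[1].split("]", 1)[0].split())

def password_allowed(pre_tls_caps, tls_version, cert_verified):
    """Decide whether a plain LOGIN may be sent; returns (ok, reason)."""
    if tls_version is None:
        if "STARTTLS" not in pre_tls_caps:
            return False, "STARTTLS not offered: refuse, never fall back to cleartext"
        return False, "STARTTLS offered but channel is still cleartext"
    if tls_version in WEAK_TLS:
        return False, "negotiated %s is below TLS 1.2" % tls_version
    if not cert_verified:
        return False, "certificate/hostname not verified: possible interception"
    return True, "LOGIN travels inside verified %s" % tls_version

def strict_login(host, user, password, port=143):
    """Live variant (needs network): STARTTLS mandatory, TLS >= 1.2, cert checked."""
    ctx = ssl.create_default_context()      # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    conn = imaplib.IMAP4(host, port)
    caps = set(conn.capabilities)
    if "STARTTLS" not in caps:
        conn.shutdown()
        raise RuntimeError(password_allowed(caps, None, False)[1])
    conn.starttls(ssl_context=ctx)          # raises if handshake or cert check fails
    ok, reason = password_allowed(caps, conn.sock.version(), True)
    if not ok:
        conn.shutdown()
        raise RuntimeError(reason)
    conn.login(user, password)
    return conn

# Constructed greetings: one offering STARTTLS, one where the capability is missing.
HONEST = b"* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"
STRIPPED = b"* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready"

if __name__ == "__main__":
    for g in (HONEST, STRIPPED):
        print(password_allowed(greeting_caps(g), None, False))
    print(password_allowed(greeting_caps(HONEST), "TLSv1.3", True))
```

A client set to use STARTTLS only when offered would send the password in cleartext in the second case; a client that accepts unverified certificates would fail the third check.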

shorena
Re: Twitter and GMX accounts compromised
January 01, 2015, 12:19:03 AM #7

Quote from: molecular on December 31, 2014, 03:20:30 PM
> my gmx password was changed again on 12/30 (wasn't me)
>
> now, I was at CCC (German 'hacker' congress) and accidentally had wifi enabled on the first day. My K9 mail polls all my mail accounts regularly via IMAP. The settings of the gmx account were to use STARTTLS and 'normal password'. Since I'm assuming this is safe (assuming TLS > 1.0 is used and the 'normal password' is sent via TLS encrypted channel, correct me if I'm making wrong assumptions), I find it more likely that the "gmx password reset exploit" has been used again on me (see previous mail).
>
> I now consider gmx to be incompetent and their service to be highly unsafe. I moved all of 22743 emails from their servers and will change the email on all important sites I used it on.

I saw plenty of people log into all kinds of accounts via WiFi on a broad variety of machines which included WinXP at 31c3 and I doubt there have been issues regarding this.

I'm not really here, it's just your imagination.

molecular
Re: Twitter and GMX accounts compromised
January 01, 2015, 03:00:30 AM #9
Last edit: January 01, 2015, 09:39:32 AM by molecular

Quote from: shorena on January 01, 2015, 12:19:03 AM
> Quote from: molecular on December 31, 2014, 03:20:30 PM
> > my gmx password was changed again on 12/30 (wasn't me)
> >
> > now, I was at CCC (German 'hacker' congress) and accidentally had wifi enabled on the first day. My K9 mail polls all my mail accounts regularly via IMAP. The settings of the gmx account were to use STARTTLS and 'normal password'. Since I'm assuming this is safe (assuming TLS > 1.0 is used and the 'normal password' is sent via TLS encrypted channel, correct me if I'm making wrong assumptions), I find it more likely that the "gmx password reset exploit" has been used again on me (see previous mail).
> >
> > I now consider gmx to be incompetent and their service to be highly unsafe. I moved all of 22743 emails from their servers and will change the email on all important sites I used it on.
>
> I saw plenty of people log into all kinds of accounts via WiFi on a broad variety of machines which included WinXP at 31c3 and I doubt there have been issues regarding this.

yes, I think it's unrelated to my 31c3 visit.

password got changed yet again.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769

molecular
Re: Twitter and GMX accounts compromised
January 01, 2015, 03:31:31 AM #10

Quote from: someguy123 on January 01, 2015, 03:00:20 AM
> Satoshi, ThomasV, and Molecular have all been affected by their GMX email being hacked? I think this is more than enough warning for those using GMX to migrate to a new mail provider ASAP, there's either a serious flaw in GMX, or someone inside of GMX is doing some dirty work against those known to use cryptocurrencies.

I agree. I can only recommend staying away from gmx, at least for now.

My best guess is some exploit on gmx that allows password reset.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769

ThomasV
Re: Twitter and GMX accounts compromised
January 23, 2015, 10:58:01 AM #12

update: I have finally regained access to the @ElectrumWallet Twitter account, and removed the racist posts.



I still do not know how my GMX email account was compromised, but apparently I was not the only one (Satoshi, molecular, bitbiz.io).

I can only advise to stay away from GMX (as well as their variants: mail.com, etc)



Electrum : the convenience of a web wallet, without the risks