theymos

Legendary



Offline



Activity: 3892

Merit: 7919







AdministratorLegendaryActivity: 3892Merit: 7919

Bitscalper passwords have been leaked February 13, 2012, 05:20:31 AM #1 I have received and confirmed a report from chsx3 that a security flaw exists in the bitscalper.com website allowing all username/password combinations to be retrieved in plaintext. Passwords are not hashed. While it is not known for sure that an attacker has discovered the flaw, you should assume that the list is public.



Anyone with a bitscalper account should immediately:

- Withdraw all funds. No one should trust bitscalper.com after a security flaw of this sort, and I wouldn't be surprised if they run away with everyone's money once this gets out.

- Change your password on any site where you've used the same password as bitscalper.com.



Because I do not consider Bitscalper to be reputable, I've decided to announce the existence of this flaw publicly before sending the technical details to bitscalper. Otherwise I fear that he may run away with everyone's money instead of alerting his users and losing trust.



Hats off to chsx3 for not abusing this. He could have easily stolen thousands of bitcoins from Bitscalper users.