Dropkickdragout



Offline



Activity: 98

Merit: 10







MemberActivity: 98Merit: 10 mtgox account compromised...anyone else? June 08, 2013, 04:46:14 PM #1 so today i got an email written in japanese from mtgox, after running it through a translator i realized someone had accessed my mtgox account from an IP address clearly not my own. they cleaned me out. they walked with $700+ USD which i know isnt a lot for some of you but its a whole hell of a lot for me. was wondering if anyone else had been compromised today? NTXCoin - 20%Free+75%IPO Next Exchange System address:

2251413452915956769 2251413452915956769

Hawkix



Offline



Activity: 530

Merit: 505









Hero MemberActivity: 530Merit: 505 Re: mtgox account compromised...anyone else? June 08, 2013, 07:39:03 PM #6 Quote from: Dropkickdragout on June 08, 2013, 05:01:46 PM is there any chance they will actually do something about it? the ip from which the transaction originated was based in china...im based in usa....i dont know how they didnt flag it as suspicious.



Sorry to hear that. If the funds leaved MtGox (through BTC withdrawal, I guess), there is probably no way MtGox or police could help you.



My account was target of similar attack about 2 weeks ago. The attacker (originating from China based IP) requested password recovery on my MtGox account, hijacked my e-mail account, so that message about this did not get into my mailbox and he could change my password without me noticing that.



LUCKILY for me, I tried to login several hours later after this attack. And I could not. I alarmed MtGox support and they helped me to resolve the situation, and in fact, save my funds. MtGox freezes withdrawals for 24 hours after e-mail and/or password change.



The problem was my e-mail account, which was leaked during mid 2011 MtGox database hack. This e-mail account had weak password (at least to nowadays standards), so it may become known to some hacker group. I was not realizing the security implications of using insecure e-mail address.



Of course, first thing I did, after securing my e-mail again, was to activate Google Authenticator on MtGox account. Now I can, hopefully, sleep better again.



Sorry to hear that. If the funds leaved MtGox (through BTC withdrawal, I guess), there is probably no way MtGox or police could help you.My account was target of similar attack about 2 weeks ago. The attacker (originating from China based IP) requested password recovery on my MtGox account, hijacked my e-mail account, so that message about this did not get into my mailbox and he could change my password without me noticing that.LUCKILY for me, I tried to login several hours later after this attack. And I could not. I alarmed MtGox support and they helped me to resolve the situation, and in fact, save my funds. MtGox freezes withdrawals for 24 hours after e-mail and/or password change.The problem was my e-mail account, which was leaked during mid 2011 MtGox database hack. This e-mail account had weak password (at least to nowadays standards), so it may become known to some hacker group. I was not realizing the security implications of using insecure e-mail address.Of course, first thing I did, after securing my e-mail again, was to activate Google Authenticator on MtGox account. Now I can, hopefully, sleep better again. Hawkix7GHym6SM98ii5vSHHShA3FUgpV6

http://btcportal.net/ Donations: 17GHym6SM98ii5vSHHShA3FUgpV6- All about Bitcoin - coming soon!

Dropkickdragout



Offline



Activity: 98

Merit: 10







MemberActivity: 98Merit: 10 Re: mtgox account compromised...anyone else? June 08, 2013, 10:33:17 PM

Last edit: June 08, 2013, 10:59:36 PM by Dropkickdragout #7 Yea, the funds were sent to what i assume is an offsite address, possibly belonging to another exchange, no way for me to know, its just a devastating loss for me. Guess i should have known better than to leave usd on my account without a yubikey.



But im not accepting all the blame here. Maybe if Mt. Gox had some sort of ip address lock this wouldn't have happened. because after all, like i said i am a US customer and the hacker's ip was chinese....this should have instantly raised a red flag to some system somewhere, but Mt. Gox in it's infinite wisdom apparently has no such system. Now i suppose i just have to wait for the classic "call the authorities and report this and we will cooperate with them. which clearly im not going to do because it wont accomplish anything. NTXCoin - 20%Free+75%IPO Next Exchange System address:

2251413452915956769 2251413452915956769

zhcy123



Offline



Activity: 129

Merit: 100







Full MemberActivity: 129Merit: 100 Re: mtgox account compromised...anyone else? June 09, 2013, 12:51:52 AM #10 Quote from: Dropkickdragout on June 08, 2013, 04:46:14 PM so today i got an email written in japanese from mtgox, after running it through a translator i realized someone had accessed my mtgox account from an IP address clearly not my own. they cleaned me out. they walked with $700+ USD which i know isnt a lot for some of you but its a whole hell of a lot for me. was wondering if anyone else had been compromised today?



I suspect their internal operations, because I have 2FA,And MTGOX very many stolen I suspect their internal operations, because I have 2FA,And MTGOX very many stolen

Branzig



Offline



Activity: 316

Merit: 250





@WizardOfOre







Sr. MemberActivity: 316Merit: 250@WizardOfOre Re: mtgox account compromised...anyone else? June 09, 2013, 12:01:46 PM #12 Quote from: Hawkix on June 08, 2013, 07:39:03 PM Quote from: Dropkickdragout on June 08, 2013, 05:01:46 PM is there any chance they will actually do something about it? the ip from which the transaction originated was based in china...im based in usa....i dont know how they didnt flag it as suspicious.



Sorry to hear that. If the funds leaved MtGox (through BTC withdrawal, I guess), there is probably no way MtGox or police could help you.



My account was target of similar attack about 2 weeks ago. The attacker (originating from China based IP) requested password recovery on my MtGox account, hijacked my e-mail account, so that message about this did not get into my mailbox and he could change my password without me noticing that.



LUCKILY for me, I tried to login several hours later after this attack. And I could not. I alarmed MtGox support and they helped me to resolve the situation, and in fact, save my funds. MtGox freezes withdrawals for 24 hours after e-mail and/or password change.



The problem was my e-mail account, which was leaked during mid 2011 MtGox database hack. This e-mail account had weak password (at least to nowadays standards), so it may become known to some hacker group. I was not realizing the security implications of using insecure e-mail address.



Of course, first thing I did, after securing my e-mail again, was to activate Google Authenticator on MtGox account. Now I can, hopefully, sleep better again.





Sorry to hear that. If the funds leaved MtGox (through BTC withdrawal, I guess), there is probably no way MtGox or police could help you.My account was target of similar attack about 2 weeks ago. The attacker (originating from China based IP) requested password recovery on my MtGox account, hijacked my e-mail account, so that message about this did not get into my mailbox and he could change my password without me noticing that.LUCKILY for me, I tried to login several hours later after this attack. And I could not. I alarmed MtGox support and they helped me to resolve the situation, and in fact, save my funds. MtGox freezes withdrawals for 24 hours after e-mail and/or password change.The problem was my e-mail account, which was leaked during mid 2011 MtGox database hack. This e-mail account had weak password (at least to nowadays standards), so it may become known to some hacker group. I was not realizing the security implications of using insecure e-mail address.Of course, first thing I did, after securing my e-mail again, was to activate Google Authenticator on MtGox account. Now I can, hopefully, sleep better again.

My 4 BTC didn't make the 60 minutes it was to available in my wallet, I have been having a hard time getting verified, I found them on the blockchain, and in the notes left side still says. unclaimed, and on the right side it has references to Verify, So, I am assuming they would not allow me to take my BTC out because I am still waitingg verification, it is still the weekend (JST) time, so I have to assume that they have frozen the transaction, it was easy to track down and it was obviously them because I have pretty much no activity on my personal wallet and I have been using the Google Authenticator, But, I figured I had better mention something, plus look at all of the volume, I was watching it climb as the US markets opened and it is still high, as soon as it starts to drop the price will for sure rise, it can't sustain that activity for good, and if it does then 100.00 will be the solid price? I hope I helped somebody even if I am still lost.



-Branzig

My 4didn't make the 60 minutes it was to available in my wallet, I have been having a hard time getting verified, I found them on the blockchain, and in the notes left side still says. unclaimed, and on the right side it has references to Verify, So, I am assuming they would not allow me to take myout because I am still waitingg verification, it is still the weekend (JST) time, so I have to assume that they have frozen the transaction, it was easy to track down and it was obviously them because I have pretty much no activity on my personal wallet and I have been using the Google Authenticator, But, I figured I had better mention something, plus look at all of the volume, I was watching it climb as the US markets opened and it is still high, as soon as it starts to drop the price will for sure rise, it can't sustain that activity for good, and if it does then 100.00 will be the solid price? I hope I helped somebody even if I am still lost.-Branzig Win Free Bitcoins every hour! - www.freebitco.in = UniteCoin OFFICIAL ANN =

zhcy123



Offline



Activity: 129

Merit: 100







Full MemberActivity: 129Merit: 100 Re: mtgox account compromised...anyone else? June 09, 2013, 01:44:38 PM #13 Quote from: Branzig on June 09, 2013, 12:01:46 PM Quote from: Hawkix on June 08, 2013, 07:39:03 PM Quote from: Dropkickdragout on June 08, 2013, 05:01:46 PM is there any chance they will actually do something about it? the ip from which the transaction originated was based in china...im based in usa....i dont know how they didnt flag it as suspicious.



Sorry to hear that. If the funds leaved MtGox (through BTC withdrawal, I guess), there is probably no way MtGox or police could help you.



My account was target of similar attack about 2 weeks ago. The attacker (originating from China based IP) requested password recovery on my MtGox account, hijacked my e-mail account, so that message about this did not get into my mailbox and he could change my password without me noticing that.



LUCKILY for me, I tried to login several hours later after this attack. And I could not. I alarmed MtGox support and they helped me to resolve the situation, and in fact, save my funds. MtGox freezes withdrawals for 24 hours after e-mail and/or password change.



The problem was my e-mail account, which was leaked during mid 2011 MtGox database hack. This e-mail account had weak password (at least to nowadays standards), so it may become known to some hacker group. I was not realizing the security implications of using insecure e-mail address.



Of course, first thing I did, after securing my e-mail again, was to activate Google Authenticator on MtGox account. Now I can, hopefully, sleep better again.





Sorry to hear that. If the funds leaved MtGox (through BTC withdrawal, I guess), there is probably no way MtGox or police could help you.My account was target of similar attack about 2 weeks ago. The attacker (originating from China based IP) requested password recovery on my MtGox account, hijacked my e-mail account, so that message about this did not get into my mailbox and he could change my password without me noticing that.LUCKILY for me, I tried to login several hours later after this attack. And I could not. I alarmed MtGox support and they helped me to resolve the situation, and in fact, save my funds. MtGox freezes withdrawals for 24 hours after e-mail and/or password change.The problem was my e-mail account, which was leaked during mid 2011 MtGox database hack. This e-mail account had weak password (at least to nowadays standards), so it may become known to some hacker group. I was not realizing the security implications of using insecure e-mail address.Of course, first thing I did, after securing my e-mail again, was to activate Google Authenticator on MtGox account. Now I can, hopefully, sleep better again.

My 4 BTC didn't make the 60 minutes it was to available in my wallet, I have been having a hard time getting verified, I found them on the blockchain, and in the notes left side still says. unclaimed, and on the right side it has references to Verify, So, I am assuming they would not allow me to take my BTC out because I am still waitingg verification, it is still the weekend (JST) time, so I have to assume that they have frozen the transaction, it was easy to track down and it was obviously them because I have pretty much no activity on my personal wallet and I have been using the Google Authenticator, But, I figured I had better mention something, plus look at all of the volume, I was watching it climb as the US markets opened and it is still high, as soon as it starts to drop the price will for sure rise, it can't sustain that activity for good, and if it does then 100.00 will be the solid price? I hope I helped somebody even if I am still lost.



-Branzig



My 4didn't make the 60 minutes it was to available in my wallet, I have been having a hard time getting verified, I found them on the blockchain, and in the notes left side still says. unclaimed, and on the right side it has references to Verify, So, I am assuming they would not allow me to take myout because I am still waitingg verification, it is still the weekend (JST) time, so I have to assume that they have frozen the transaction, it was easy to track down and it was obviously them because I have pretty much no activity on my personal wallet and I have been using the Google Authenticator, But, I figured I had better mention something, plus look at all of the volume, I was watching it climb as the US markets opened and it is still high, as soon as it starts to drop the price will for sure rise, it can't sustain that activity for good, and if it does then 100.00 will be the solid price? I hope I helped somebody even if I am still lost.-Branzig



DoomDumas



Offline



Activity: 1001

Merit: 1000





Bitcoin forever !







LegendaryActivity: 1001Merit: 1000Bitcoin forever ! Re: mtgox account compromised...anyone else? June 11, 2013, 03:42:02 AM #14 I dont understand whay so many user are still using MtGox.. the volume is one point, but not enought interesting IMO. I do trade on other smaller exchange, and I'm quite happy. Let the bot trade between themselve and get out of this ASAP !