Board Bitcoin Discussion
Re: [ATTN] Clarification of Mt Gox Compromised Accounts and Major Bitcoin Sell-Off
by
mewantsbitcoins
on 03/07/2011, 16:33:23 UTC
Attackers don't need to tie identities. Previously broken passwords are added to dictionary lists and are blindly tried against all newly leaked accounts.
Previously broken passwords - yes, but I'm not talking about reusing passwords. I'm talking about patterns that help to derive passwords and remember them. And while some analyze these and add to their attacks, this is the case only in highly targeted attacks. Which this wasn't!
Adding such patterns to general password cracking is just a waste of time and resources.

This contradicts your first post which says "my password was not the most secure". So which is it?
No it doesn't. I said it wasn't the most secure because it was not a random >60-character password I normally use which would take thousands of years to crack. This was the kind of password which could be broken in several decades.

Don't be so negative with me. I am just trying to help you understand how your account was hacked. Multiple possibilities:
1) The majority of MtGox users who were hacked were knowingly using insecure passwords. Not your case.
2) A smaller but still considerable fraction of users had a misconception of what a secure password is. May be your case.
3) Finally, a minority were using perfectly secure passwords (see examples in my last post). These users either shared passwords with other sites that have been hacked, or were phished (eg. even experienced IT security professionals may fall for tabnabbing!), or were the victim of targeted attacks on their personal computers (eg. malware installing a keylogger). May be your case.

1) No
2) I know it was secure. Even if an attacker had got my hash the day I registered, they would not have had the time to crack it.
3) My home network is monitored by snort 24/7, firewalls on my router and computers are properly configured to allow just the traffic I require. There are no unnecessary services running - I even disabled dhcp. Most of the browsing is done in VMs which are then shut down and destroyed. So please keep your security 101 to yourself.

I am not negative - I'm just a realist. If you read my previous posts, you'll find that I was advocating Mt.gox and dismissing people complaining on this board about stolen funds from Mt.gox. At the time I had blind faith in Mark, but I was wrong.

Go listen to the interview after the hack, read his statements - he was blatantly lying. And I believe he is still lying. While a move to this inferior and buggy platform and testing on the production server may be considered normal by such an incompetent individual, I think it indicates that Mt.gox is desperate and still has no fucking clue how the attacker got in. Hiding this is irresponsible and will lead to disaster.
Time will show
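The argument in this thread turns on two claims: that a long random password is out of reach of any brute-force attack, and that a "pattern" password is not. The script below is an added worked example (not code from the thread, from the poster, or from Mt. Gox) that makes both claims measurable. It computes the keyspace of a password under the assumption that it was chosen uniformly at random from its character classes, converts that into an expected exhaustive-search time at a few assumed guess rates, and separately flags passwords with the human patterns (dictionary word, leet substitution, embedded year, repeats, keyboard runs) for which the random-keyspace estimate does not apply. The guess rates, the wordlist and the sample passwords are constructed for illustration.

```python
"""Password-strength sanity check: random-keyspace estimate plus a pattern flag.

Added example; the guess rates, wordlist and sample passwords below are
constructed for illustration and are not figures from the thread.
"""
import math
import re
import string

# Assumed guess rates (constructed; real rates depend on the hash function,
# the hardware, and whether the attack is online or against leaked hashes).
GUESSES_PER_SECOND = {
    "online_throttled": 1e2,     # rate-limited login endpoint
    "offline_slow_hash": 1e4,    # leaked bcrypt/scrypt hashes
    "offline_fast_hash": 1e10,   # leaked unsalted MD5/SHA-1 hashes on GPUs
}
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed mini wordlist; a real check would use a large breach-derived list.
WORDLIST = {"summer", "password", "bitcoin", "mtgox", "welcome", "dragon"}
LEET = str.maketrans("0134$@!", "oleasai")          # undo common substitutions
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl",
             "zxcvbnm", "0123456789")


def charset_size(password: str) -> int:
    """Size of the union of standard character classes the password draws from."""
    classes = (
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),   # 32 characters
        (" ", 1),
    )
    return sum(n for chars, n in classes if any(c in chars for c in password))


def entropy_bits(password: str) -> float:
    """Bits of entropy if the password were uniformly random over its charset."""
    n = charset_size(password)
    return len(password) * math.log2(n) if n else 0.0


def expected_crack_years(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the password by exhaustive search (half the keyspace)."""
    return (2.0 ** bits / 2.0) / guesses_per_second / SECONDS_PER_YEAR


def looks_patterned(password: str, wordlist=WORDLIST) -> bool:
    """True if the password shows structure that guessing tools exploit first."""
    norm = password.translate(LEET).lower()
    if any(word in norm for word in wordlist):
        return True                                  # dictionary word, incl. leet
    if re.search(r"(?:19|20)\d\d", password):
        return True                                  # embedded year
    if re.search(r"(.)\1{2,}", password):
        return True                                  # aaa, 111, ...
    low = password.lower()
    for seq in SEQUENCES:
        for i in range(len(low) - 3):
            if low[i:i + 4] in seq or low[i:i + 4] in seq[::-1]:
                return True                          # keyboard or alphabet run
    return False


def report(password: str) -> dict:
    """Summarise the estimate; the year figures are only meaningful if not patterned."""
    bits = entropy_bits(password)
    return {
        "length": len(password),
        "charset": charset_size(password),
        "bits": round(bits, 1),
        "patterned": looks_patterned(password),
        "years": {k: expected_crack_years(bits, r)
                  for k, r in GUESSES_PER_SECOND.items()},
    }


# Constructed sample: 64 random printable characters, the sort of value a
# password manager generates, next to two typical human-chosen passwords.
RANDOM_64 = "q7$Kx9!mZp2&Vw4#Lr8@Hs1%Jt6^Fy3*Bn0(Dc5)Gu9-Ma2_Ne7+Oi4=Pl1[Rk8]"

if __name__ == "__main__":
    for pw in (RANDOM_64, "Summer2011!", "P@ssw0rd"):
        r = report(pw)
        print(f"{pw!r}: {r['bits']} bits over charset {r['charset']}, "
              f"patterned={r['patterned']}, "
              f"fast-hash years={r['years']['offline_fast_hash']:.3g}")
```

The point the numbers make is the one argued above: the 64-character random string sits above 400 bits, which no guess rate brings within reach, while "Summer2011!" scores about 72 bits and several thousand years under the random model yet is flagged as patterned, so that estimate says nothing about how quickly a dictionary-plus-rules attack would actually find it. A defender using such a check should treat the pattern flag as the decisive output and the year figures as an upper bound only.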