Warning!!! Don't login with Yahoo OpenID to coinedup.com
My reddit post that has gotten ZERO response in 16 hours (no e-mail back either):
http://www.reddit.com/r/CoinedUp/comments/1sx42y/warning_your_yahoo_openid_allows_2_different/
I used an old burner Yahoo e-mail address with a stupid-long password to login to coinedup and it had a rocketmail.com (Yahoo owned) e-mail saved as the owner with previous transactions.
I didn't realize it
and I got robbed of ~.5btc pretty quick I was trying to buy dogecoins of course.
How to replicate the problem: Go to: http://openid.yahoo.com/ and click "Get Started" and then login to your Yahoo.com e-mail address.
On the next screen you'll see: Your OpenID identifiers: followed by a long https://me.yahoo.com/a/whatever address
Use that https://me.yahoo.com/a/whatever URL to login to CoinedUp and surprise - a rocketmail.com account has previous transactions and can rob your account.
Fucking sucks. Fix your shit. I'm sure I'm not the only one.
This is the only btc address I used for coinedup: 1KD8mERwt1rBZz9TzvV3EyHA4MrBXmRNvY
so w**@rocketmail.com who stole a little under .5btc please give it back thief.
**UPDATE: The guy who I thought stole my coins e-mailed me and said had the same problem and someone else emptied the account. I'll post updates.
**UPDATE: CoinedUp refunded me my btc!! Goodguys CoinedUp
My reddit post that has gotten ZERO response in 16 hours (no e-mail back either):
http://www.reddit.com/r/CoinedUp/comments/1sx42y/warning_your_yahoo_openid_allows_2_different/
I used an old burner Yahoo e-mail address with a stupid-long password to login to coinedup and it had a rocketmail.com (Yahoo owned) e-mail saved as the owner with previous transactions.
I didn't realize it
and I got robbed of ~.5btc pretty quick I was trying to buy dogecoins of course.How to replicate the problem: Go to: http://openid.yahoo.com/ and click "Get Started" and then login to your Yahoo.com e-mail address.
On the next screen you'll see: Your OpenID identifiers: followed by a long https://me.yahoo.com/a/whatever address
Use that https://me.yahoo.com/a/whatever URL to login to CoinedUp and surprise - a rocketmail.com account has previous transactions and can rob your account.
Fucking sucks. Fix your shit. I'm sure I'm not the only one.
This is the only btc address I used for coinedup: 1KD8mERwt1rBZz9TzvV3EyHA4MrBXmRNvY
so w**@rocketmail.com who stole a little under .5btc please give it back thief.
**UPDATE: The guy who I thought stole my coins e-mailed me and said had the same problem and someone else emptied the account. I'll post updates.
**UPDATE: CoinedUp refunded me my btc!! Goodguys CoinedUp