Re: FreeBitco.in - Win free Bitcoins every hour! - $30,000 contest now live!
I have been using this site for years well about six weeks ago I decided to deposit some bitcoin in here for the %4 interest not a lot luckily as my account was hacked apparently, I never had an email to confirm address change I was on the site on the 2nd and by the 3rd someone had changed my email address my wallet address and withdrew all btc in less the 24 hours.
Now if that is not a sign of a hack I dont know what is surely the should have some security is it cryptopia or polo where if you change a wallet address you cant withdraw until 48 hours later
Now if that is not a sign of a hack I dont know what is surely the should have some security is it cryptopia or polo where if you change a wallet address you cant withdraw until 48 hours later
The hacker would have needed your password (you used the same on other websites?), then he can change email. After that he receives all new notifications instead of you.
If à substantial amount is on your balance, best security way is 2FA.
Okay maybe he had my password from somewhere I dont know but surely if he changes email address it has to be confirmed on old email adress
Yes, email confirmation is required from the old email address. If your account didn't have a valid email address we display this warning.
If you ignore that and your password is compromised then it is possible for a hacker to change the email.
We put a warning recently:
People who have been re-using passwords on multiple websites have been getting hacked since it seems like the databases of some other faucets have been compromised or the owner of those faucets decided to use the passwords that they had to compromise freebitco.in accounts. Like I have warned countless times before - Please do not re-use passwords on multiple websites and use a password manager!
If you use the same password on multiple websites, you will get hacked, it is only a matter of when. I have added a protection in the signup and change password functions to force users to create a secure password which should somewhat help in users not re-using their passwords. Login authorization emails which were previously being sent only for users who had a balance > $5 (because a lot of users were marking these emails as spam negatively impacting our email deliverability) has been enabled for all users now.
If you use the same password on multiple websites, you will get hacked, it is only a matter of when. I have added a protection in the signup and change password functions to force users to create a secure password which should somewhat help in users not re-using their passwords. Login authorization emails which were previously being sent only for users who had a balance > $5 (because a lot of users were marking these emails as spam negatively impacting our email deliverability) has been enabled for all users now.