Post
Topic
Board Meta
Re: Account hacked -- should I blame admins or not?
by
zoeh
on 07/12/2018, 08:59:38 UTC
It seems easy because its' happening to me- I will be saying the same thing when it happens to you.. Btw, not everyone is always in the email inbox, especially the personal ones, I spend most of my times in my work mails.

However, you have highlighted a very good point:
I will just make him suffer and not use the account to it full potential by giving him red trust
When you are spending most of the time with emails,why you didn't check it.I am just said because here no fault from the admins its just how the system works.

And also we have recover method for hacked accounts here : Recovering hacked accounts or accounts with lost passwords so you need to follow the instructions and wait patiently in the long queue.


Probably, the reason why I wasn't always in my mailbox was only because I never thought I will through this, I thought this forum was somehow similar to other forums in term of security and notify users of anything suspicious happening around their account through the email they have registered with. Security is a priority for every platform, I am assuming that you know that by now.

You should at least post the link of the account in question so if your claims are concrete the account can be red tagged

And also the forum has a security measure that it is before an email can be changed in the forum the password to that account must be provided so who ever has your account provide your password.

You should also take part in the blame you must have lost your guard
Here is the link to the account; I was previously a campaign manager for some projects and I am afraid that if the hacker uses the account to do bad things, this might somehow affect the projects I previously managed and investors might associate the projects with fraudulent activities whereas they are not.

He is the link to the account: https://bitcointalk.org/index.php?action=profile;u=1000883
you can also help in painting it red, but I will ask whoever rated it to change the trust if I manage to recover it.

Requiring confirmation from the old email is not a good idea for the reason already mentioned.
Asking for password reentry to change the mail address would be good. If you have left your browser open where other people could have access to it, then it gives an extra measure of protection. Requiring a signed blockchain message for an email change could be a good way to stop this type of hijack.

Requiring email confirmation on signup is also good to help reduce spammers. It doesn't help in this case, but I believe it would be beneficial for the forum.

{reply crafted before the previous post was submitted}
As previously mentioned, security is a priority. Some accounts here in the forum are more reputable than others, you seen this before hopefully. However, the level of security is similar. Projects, organizations and individuals create accounts here on the forum and obtain all the trust they need from their investors. Think of it this way, what do you think will happen if for instance, a hacker hacks Vitalik's account and start scamming people? What do you will happen to their Ethereum reputition.

I don't think that password re-entry is such a great idea the reason being that if the hacker had access to the password in the first place, they can use it again in the future or even change it. Admins just need to come up with more secure measures, but as we have previously read in the previous comments that the 2FA is being integrated with the new software and email confirmations. I guess that's unlike nothing.