Just wanted to make you guys aware that between yesterday 4/7/2014 and today 4/8/2014 i noticed that my btc payout address had been changed without my authorization. It was changed from 16rBgvegJnDWQtakxc6ChYaUu2fozuDk47 (which has been my legitimate address since i started with hashcows) to 1GxdwuYxuoJEtzoJrxv2mQQ4344YgqUAzv (bad address that i don't recognize).
The team appreciate the feedback. There have been one or two other reports like this, the first within hours of the
heartbleed openssl exploit becoming public knowledge. Nearmiss patched the server against the vulnerability as early as possible today. If anyone else has similar issues, please email
support@hashco.ws with full info to help nearmiss investigate - but the initial hunch is that it was an opportunistic thing using heartbleed.
As has been mentioned, we patched the servers asap earlier this morning. We are in the midst of a full audit for possible changes like this, as mentioned, feel free to report if you notice anything out of the ordinary. We'll likely be forcing site-wide password resets as a precautionary measure once the audit is complete. We'll have a full news update on this later tonight. This was not a hashcows-specific vulnerability, and is related to heartbleed mentioned above.