Page 1 of 4 1234 LastLast
Results 1 to 10 of 37

Thread: how exactly is an account "stolen"

  1. #1
    i see many threads here with stolen account .. how exactly do they manage to lose their account ?

    anything an average bt user like should me be concerned about ?

    i use a strong password in all my 5 trackers .other than that any precuations ?

  2. BitTorrent   -   #2
    Sanka113's Avatar Bobsled King BT Rep: +25BT Rep +25BT Rep +25BT Rep +25BT Rep +25
    Join Date
    Dec 2007
    Posts
    1,164
    I think it's because people who trade or giveaway accounts don't necessarily change the pass and or email. For giveaways, usually the giver supplies the account recipient a very simple password. Thus, it wouldn't be hard to steal the account if you know the original account holders sn.

    Then, some people use the same sn on here and on most trackers that they are members at, and when they do a trade or giveaway, the recipient simply looks for the givers other accounts and tries the password they received for the tracker they were given or traded.

    Most stolen accounts are probably derived from trades. As soon as the trade is done, the original account holder could back into the account he traded and change the password. Also, if the email isn't changed but the password is ,the original account holder simply recovers the password via the retrieve password function on the tracker homepage.

    When it comes to trading or giving away accounts, change the password to something semi generic. Something that isn't at all related to any of your personal passwords, yet secure enough for the new recipient. For you traders make sure, that you trade emails too for accounts. It's just too easy for a dishonest person to steal the account from you if they still have control of the email.

    I hope that helps.

    Cheers!
    Last edited by Sanka113; 01-24-2008 at 07:59 AM.
    See ya in another life, brother.

  3. BitTorrent   -   #3
    stoi's Avatar BCG Owner BT Rep: +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45
    Join Date
    Oct 2002
    Posts
    3,679
    i would say a lot of the time its a trade gone wrong, or they have lent their account out and the person they lent it to has changed the email.

    and you would think that if they were going to steal anyones account it will be one of the staff members.

    that happened on our tracker. we had where you could do database queries from the tracker if you were sysop. a member pmed one of my sysops with a link to a replica BCG saying that he should have a look as he see on a forum that he was getting people to sign in and pinching userids and passwords.

    The sysop clicked the link and it had a cookie catcher on it. within minutes the member had signed into his account, changed his mail. had a look around the forums, including staff forums, then went and truncated the whole DB.

    which is why Blackcats 2.1 became 2.2 December before last.

    obviously you cant do db changes from the site now and staff do not click any suspect links, you tend to learn from your mistakes, so i suppose if you get a suspicious link dont click it. i dont even click links on here that are posted in the forums just incase.

    also make sure your email has a good password. but even that cant stop a good hacker from getting into it.

    tbh if someone wants your account there isnt a lot you can do about it, but they also need to know what they are doing, and if they are that good, like i mentioned, why go for a lowly member when they can get a sysops account.

  4. BitTorrent   -   #4
    FSC [Fight Club] BT Rep: +2
    Join Date
    May 2006
    Posts
    612
    Id say 70% come from trades
    the other 30% from trackers which have been hacked (there are countless). Personally i think security should be a top priority for users....dont just sign up for any tracker (especially newer ones) first find out who is coding and if it is secure. There have been many instances where users have had there username/passwords/IP address posted all over the net.

    -Basically stolen accounts come from greed: always trying to be the first to sign up to a new tracker and trading to move up the ladder
    Proud Member of:

  5. BitTorrent   -   #5
    Zaxx's Avatar Ol' Skool P2P BT Rep: +3
    Join Date
    Dec 2007
    Location
    In The Space Between...
    Posts
    583
    Quote Originally Posted by Sanka113 View Post

    Most stolen accounts are probably derived from trades.
    Bingo! The likelihood of account theft is pretty slim if you don't trade accounts...trade=risk almost anyway it's done, imo anyway.
    "It's not what ya got, it's what you give."
    Please do not PM me for invites. Thx.


  6. BitTorrent   -   #6
    VIZFX's Avatar Looking at You! BT Rep: +2
    Join Date
    Nov 2007
    Posts
    349
    And on top of that, try not to use the same password for all your sites!

  7. BitTorrent   -   #7
    oh thanks a lot for all the suggestions

    so most of the time its a fucked up trade

    then i guess if you dont trade, chances of your account getting stolen is slim ?

    The sysop clicked the link and it had a cookie catcher on it.
    ok , that sounds a bit dangerous . anyway i will be carefull when i see suspicious links now

  8. BitTorrent   -   #8
    Zaxx's Avatar Ol' Skool P2P BT Rep: +3
    Join Date
    Dec 2007
    Location
    In The Space Between...
    Posts
    583
    Quote Originally Posted by stoi View Post

    The sysop clicked the link and it had a cookie catcher on it. within minutes the member had signed into his account, changed his mail. had a look around the forums, including staff forums, then went and truncated the whole DB.
    That IS some scary sh!t...
    "It's not what ya got, it's what you give."
    Please do not PM me for invites. Thx.


  9. BitTorrent   -   #9
    Night0wl's Avatar GoaHead BT Rep: +6BT Rep +6
    Join Date
    Apr 2007
    Location
    On an island
    Age
    45
    Posts
    1,525
    Use different passwords on all accounts and make them look something like this

    h%/cxE45)C&i (it will prevent people from guessing or brute forcing your password)

    This won't help against links like that, but it sure will discourage someone from going after another account of yours if they got one of them somehow.

    Another thing would be deleting cookies for sites on every browser shutdown, so in case someone is successful in stealing your cookies, they won't get all your sites. Most people are probably to lazy to do that though.

    And then of course don't trade or giveaway accounts

    Another thing is secure login, but I don't really know how effective that is.
    Quote Originally Posted by TheFoX View Post
    In the old days, if you misbehaved on a tracker, you got disabled, or worse, IP banned.

    Nowadays, there are more trackers than there are members, so if your tracker misbehaves, they get bookmark removed, or worse, URL deleted.

  10. BitTorrent   -   #10
    pandabear's Avatar Internet BT Rep: +2
    Join Date
    Nov 2006
    Posts
    556
    As other have said majoirty is just bad trades, or people lending accounts to "friends" over the internet. However an old style attempt, not many know of is the email fish(just made up name now).
    Its where you get the person on msn, and start talking to them about everyday things. After a few days this person will try recover the pass on your email account, and encounter the rcovery question. Usually people put this shit as "What is your pets name?" Then the person fishes for the info, and when they get it, they change pass on email, recover pass on all torrent sites, login into sites, and change password again etc. Then they put stalling tricks into place to slow the person down, so its harder for them to recover.

    The only other trick i know is where you create a shitty torrent site, and get people to sign up onto it then check there account/pass against other dbs, and hope you get some right.

    Its a tricky world out there.

    Quote Originally Posted by Blue_Skies View Post

    h%/cxE45)C&i (it will prevent people from guessing or brute forcing your password)
    No body brute forces torrent passwords. Even the worse torrent site has a max number of attempts or some sort of human verifiy.

    Quote Originally Posted by Blue_Skies View Post

    Another thing is secure login, but I don't really know how effective that is.
    That stops login for ips outside your range, but it depends on tracker. Usually a good safe guard to stop someone from another country/isp hitting your account

    Also forget the best trick Where you trade someone an account, then rat them out to tracker staff, and get your account back. SO you get 2 accounts for the price of none.
    Last edited by pandabear; 01-24-2008 at 08:52 AM.


    Someone invite me to fsc please

Page 1 of 4 1234 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •