how exactly is an account "stolen"



FatBob
01-24-2008, 07:41 AM
i see many threads here with stolen accounts .. how exactly do they manage to lose their account ?

anything an average bt user like me should be concerned about ?

i use a strong password in all my 5 trackers. other than that, any precautions ? :unsure:

Sanka113
01-24-2008, 07:56 AM
I think it's because people who trade or give away accounts don't necessarily change the pass and/or email. For giveaways, usually the giver supplies the account recipient a very simple password. Thus, it wouldn't be hard to steal the account if you know the original account holder's sn.

Then, some people use the same sn on here and on most trackers that they are members at, and when they do a trade or giveaway, the recipient simply looks for the giver's other accounts and tries the password they received for the tracker they were given or traded.

Most stolen accounts are probably derived from trades. As soon as the trade is done, the original account holder could go back into the account he traded and change the password. Also, if the email isn't changed but the password is, the original account holder simply recovers the password via the retrieve password function on the tracker homepage.

When it comes to trading or giving away accounts, change the password to something semi generic. Something that isn't at all related to any of your personal passwords, yet secure enough for the new recipient. For you traders, make sure that you trade emails too for accounts. It's just too easy for a dishonest person to steal the account from you if they still have control of the email.

I hope that helps.

Cheers!

stoi
01-24-2008, 08:00 AM
i would say a lot of the time it's a trade gone wrong, or they have lent their account out and the person they lent it to has changed the email.

and you would think that if they were going to steal anyone's account it will be one of the staff members.

that happened on our tracker. we had it where you could do database queries from the tracker if you were sysop. a member PMed one of my sysops with a link to a replica BCG saying that he should have a look as he had seen on a forum that he was getting people to sign in and pinching userids and passwords.

The sysop clicked the link and it had a cookie catcher on it. within minutes the member had signed into his account, changed his mail, had a look around the forums, including staff forums, then went and truncated the whole DB.

which is why Blackcats 2.1 became 2.2 December before last.

obviously you can't do db changes from the site now and staff do not click any suspect links. you tend to learn from your mistakes, so i suppose if you get a suspicious link don't click it. i don't even click links on here that are posted in the forums just in case.

also make sure your email has a good password. but even that can't stop a good hacker from getting into it.

tbh if someone wants your account there isn't a lot you can do about it, but they also need to know what they are doing, and if they are that good, like i mentioned, why go for a lowly member when they can get a sysop's account.

DV8type
01-24-2008, 08:03 AM
I'd say 70% come from trades
the other 30% from trackers which have been hacked (there are countless). Personally i think security should be a top priority for users....don't just sign up for any tracker (especially newer ones) first find out who is coding and if it is secure. There have been many instances where users have had their username/passwords/IP address posted all over the net.

-Basically stolen accounts come from greed: always trying to be the first to sign up to a new tracker and trading to move up the ladder

Zaxx
01-24-2008, 08:06 AM
Most stolen accounts are probably derived from trades.



Bingo! The likelihood of account theft is pretty slim if you don't trade accounts...trade=risk almost anyway it's done, imo anyway. ;)

VIZFX
01-24-2008, 08:17 AM
And on top of that, try not to use the same password for all your sites!

FatBob
01-24-2008, 08:19 AM
oh thanks a lot for all the suggestions :)

so most of the time it's a fucked up trade

then i guess if you don't trade, chances of your account getting stolen are slim ?


The sysop clicked the link and it had a cookie catcher on it.

ok , that sounds a bit dangerous . anyway i will be careful when i see suspicious links now

Zaxx
01-24-2008, 08:31 AM
The sysop clicked the link and it had a cookie catcher on it. within minutes the member had signed into his account, changed his mail, had a look around the forums, including staff forums, then went and truncated the whole DB.


That IS some scary sh!t...:unsure:

Night0wl
01-24-2008, 08:39 AM
Use different passwords on all accounts and make them look something like this

h%/cxE45)C&i (it will prevent people from guessing or brute forcing your password)

This won't help against links like that, but it sure will discourage someone from going after another account of yours if they got one of them somehow.

Another thing would be deleting cookies for sites on every browser shutdown, so in case someone is successful in stealing your cookies, they won't get all your sites. Most people are probably too lazy to do that though.

And then of course don't trade or give away accounts

Another thing is secure login, but I don't really know how effective that is.

pandabear
01-24-2008, 08:40 AM
As others have said, the majority is just bad trades, or people lending accounts to "friends" over the internet. However an old style attempt, not many know of, is the email fish (just made up name now).
It's where you get the person on msn, and start talking to them about everyday things. After a few days this person will try recover the pass on your email account, and encounter the recovery question. Usually people put this shit as "What is your pet's name?" Then the person fishes for the info, and when they get it, they change pass on email, recover pass on all torrent sites, log into sites, and change password again etc. Then they put stalling tricks into place to slow the person down, so it's harder for them to recover.

The only other trick i know is where you create a shitty torrent site, and get people to sign up onto it then check their account/pass against other dbs, and hope you get some right.

It's a tricky world out there.




h%/cxE45)C&i (it will prevent people from guessing or brute forcing your password)



Nobody brute forces torrent passwords. Even the worst torrent site has a max number of attempts or some sort of human verify.




Another thing is secure login, but I don't really know how effective that is.

That stops login for ips outside your range, but it depends on tracker. Usually a good safe guard to stop someone from another country/isp hitting your account

Also forget the best trick :P Where you trade someone an account, then rat them out to tracker staff, and get your account back. SO you get 2 accounts for the price of none.
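The "secure login" behaviour described in this post (a session refused from IPs outside your range) is also what limits a copied cookie like the one in stoi's story. An added example, not part of the thread or any tracker's code, showing that check in Python; the cookie layout, the /24 and /48 range sizes, the one-hour lifetime and all function names are assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # server-side secret (generated here for the example)
MAX_AGE = 3600                        # assumed session lifetime in seconds


def network_of(ip):
    """Collapse a client address to the range a session is pinned to."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48  # assumed range sizes
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(user, ip, now=None):
    """Build the cookie value handed out at login: user|range|issued|mac."""
    issued = int(time.time() if now is None else now)
    payload = f"{user}|{network_of(ip)}|{issued}"
    return f"{payload}|{_sign(payload)}"


def check_session(cookie, ip, now=None):
    """Return (True, user) or (False, reason) for a cookie presented from `ip`."""
    now = time.time() if now is None else now
    try:
        user, net, issued, mac = cookie.rsplit("|", 3)
    except ValueError:
        return False, "malformed"
    payload = f"{user}|{net}|{issued}"
    # Constant-time comparison; an edited range or timestamp fails here.
    if not hmac.compare_digest(mac.encode(), _sign(payload).encode()):
        return False, "bad signature"
    if now - int(issued) > MAX_AGE:
        return False, "expired"
    # A cookie replayed from another network is refused even though it is genuine.
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(net):
        return False, "outside range"
    return True, user


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges.
    cookie = issue_session("sysop", "203.0.113.10")
    print(check_session(cookie, "203.0.113.77"))   # same /24 as the login
    print(check_session(cookie, "198.51.100.5"))   # cookie copied to another network
```

Pinning to a range does nothing against someone on the same network, and a user whose address moves to a different range has to log in again.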

disconny
01-24-2008, 08:44 AM
As others have said, the majority is just bad trades, or people lending accounts to "friends" over the internet. However an old style attempt, not many know of, is the email fish (just made up name now).
It's where you get the person on msn, and start talking to them about everyday things. After a few days this person will try recover the pass on your email account, and encounter the recovery question. Usually people put this shit as "What is your pet's name?" Then the person fishes for the info, and when they get it, they change pass on email, recover pass on all torrent sites, log into sites, and change password again etc. Then they put stalling tricks into place to slow the person down, so it's harder for them to recover.

The only other trick i know is where you create a shitty torrent site, and get people to sign up onto it then check their account/pass against other dbs, and hope you get some right.

It's a tricky world out there.
thanks panda, i'll get right on this. i hope www.joinmytorrentsite.com isn't taken :)

silhoutte
01-24-2008, 08:53 AM
Once mails containing malware were sent as if they are from fb, rabbit (?) and a few others that can send out cookies from your computer, but i don't know how successful they are in stealing accounts.

Artemis
01-24-2008, 10:27 AM
But the heart of the matter, is that it is traded a/c's that get 'stolen' most often, apart from the database debacles as DV8 said (remember when 14 tracker db's were hit in one day ?). It is simple: trading is a grey area, it is against tracker rules for several reasons that have been gone into ad nauseam before, but it also introduces the unknown i.e. how 'honest' is the trader. A lot of traders enjoy the buzz of trading and to them ripping an a/c from an unsuspecting n00b is just all the more sweet a victory, this is not all traders but this is how most a/c's get stolen.
It is a tough old world out there, if you choose to trade, you have very little understanding from staff, and there is the constant danger that someone is going to trade and then take back the a/c or if you are a complete n00b at trading and use a similar name/password you can lose more than 1 a/c and this does happen.
As a kind of proof, the next time you see a 'help my account is stolen' thread here in the bt section look back at the thread starters posts, within the last week you will find the posts leading up to the a/c trade.
The simplest form of security to make sure your a/c's don't get 'stolen' is not to trade them...............

Polarbear
01-24-2008, 11:01 AM
"my account was stolen" just sounds a lot better than "i was scammed in a trade".

it also may result in people posting "oh i'm so sorry, those bad bad hackers who steal accounts. hopefully you will get it back." rather than "don't trade and you don't get scammed"

"stolen" means that your account details are known to a stranger against your own will.

in most cases here the "bad account hacking stealer" got the username and password presented in a pm.

all he needed to do is offer the victim a high level tracker for a trade.


nevertheless there are victims of real account thievery and hackers.

what occurs is the old dilemma that people/staff have a hard time to believe the innocent because of the majority of account traders/scammers.
(same goes for "i didn't cheat/was banned for no reason" which was already discussed in another thread)

"stolen" translates "scammed" (at least most of the time)

it's just another case where scammers and traders hurt the reputation of good and honest users and make them look not authentic.


i wish people would stop pretending to be victims of account theft when they in fact just got scammed by one of their dealers.

that would help the good users who really have problems with their account a lot to get the fair treatment they deserve.

Zaxx
01-24-2008, 11:40 AM
"my account was stolen" just sounds a lot better than "i was scammed in a trade".

it also may result in people posting "oh i'm so sorry, those bad bad hackers who steal accounts. hopefully you will get it back." rather than "don't trade and you don't get scammed"

"stolen" means that your account details are known to a stranger against your own will.

in most cases here the "bad account hacking stealer" got the username and password presented in a pm.

all he needed to do is offer the victim a high level tracker for a trade.


nevertheless there are victims of real account thievery and hackers.

what occurs is the old dilemma that people/staff have a hard time to believe the innocent because of the majority of account traders/scammers.
(same goes for "i didn't cheat/was banned for no reason" which was already discussed in another thread)

"stolen" translates "scammed" (at least most of the time)

it's just another case where scammers and traders hurt the reputation of good and honest users and make them look not authentic.


i wish people would stop pretending to be victims of account theft when they in fact just got scammed by one of their dealers.

that would help the good users who really have problems with their account a lot to get the fair treatment they deserve.

+1 on that post polarbear. :yup:

yayyyyyy
01-24-2008, 11:41 AM
they got punished for their own actions (trading accounts)

they deserved it ;)

silhoutte
01-24-2008, 11:53 AM
IMO, MY account stolen:angry: = my account deleted :cry: in a day or two. :lol:
So better not to post it here if you can't protect your account.

FatBob
01-25-2008, 04:57 AM
thanks again for the suggestions

i wonder how the staff deals with this issue :unsure:

grimms
01-25-2008, 05:08 AM
Trades gone wrong. That's why i always say to just earn it and not have to deal with that bullshit. It's really tiresome. People tend to be stupid nowadays. I would never lend anyone an account, that's just asking that person, hey? steal my account.

pandabear
01-25-2008, 05:37 AM
Trades gone wrong. That's why i always say to just earn it and not have to deal with that bullshit. It's really tiresome. People tend to be stupid nowadays. I would never lend anyone an account, that's just asking that person, hey? steal my account.

Really depends what kind of trust you have with your friends. I let my friends borrow my sites as they let me. Obviously not torrent site, but things worth real value like steam accounts.

DKre8ive1
01-25-2008, 07:39 AM
For anyone looking for a good password generator I would suggest this site-> https://www.grc.com/passwords.htm

But to be honest it does get old when you have users coming in and using the my account got hacked excuse to try and recover their account on a bad trade or for whatever reason they didn't apply a strong password to their account.

The funny part is we just had someone join our channel and use this same excuse not even a few minutes before I saw this thread. :lol:

pandabear
01-25-2008, 09:57 AM
There's better programs out there which manage the password for you. Like you choose a password like shoehat, and it turns it into alphanumerical password. So when you wanna log into a site, you just type shoehat into program, and it puts in your alphanumerical pass.

Dark Archon
01-25-2008, 04:32 PM
botnetted by external connections maybe?

danio
01-25-2008, 04:55 PM
There's better programs out there which manage the password for you. Like you choose a password like shoehat, and it turns it into alphanumerical password. So when you wanna log into a site, you just type shoehat into program, and it puts in your alphanumerical pass.

sounds like a good program pandabear, mind telling me what the name of that program is? :)

TheFoX
01-25-2008, 05:40 PM
We did recently have an issue where a tracker was storing passwords as plain text rather than hashes, and when that database was stolen, caused tracker owners some concern. All accounts on the database list were flagged, and the members were asked to make sure they used a unique password for our sites.

Of course, if it isn't an account being stolen, it's someone's gmail account. This is another con, usually as part of a trade, where a member says that they have had their email account stolen, and can we please change their site email to [email protected]. Site staff don't fall for this practice either.

In five years of being tracker staff, there was only one time that a member has genuinely had their account stolen, to my knowledge, and that was because they had their laptop stolen on campus, and it still contained valid cookies, allowing the thief free access to all the bookmarked sites.

Giveaway
01-25-2008, 07:49 PM
There's better programs out there which manage the password for you. Like you choose a password like shoehat, and it turns it into alphanumerical password. So when you wanna log into a site, you just type shoehat into program, and it puts in your alphanumerical pass.

sounds like a good program pandabear, mind telling me what the name of that program is? :)
yes i need that application too.
pandabear let us know the name :)

Artemis
01-25-2008, 08:06 PM
Actually a good option for multiple passwords is a biometric scanner (a fingerprint scanner). I use the Microsoft one but there are several brands available, and they are now a feature on some high end laptop/desktop systems. The beauty of the scanner is that when you come to a login information page you simply add this to the scanner's database and whenever it requires the password you simply put your finger on the scanner and the login info is retrieved. The username/passwords are stored in an encrypted database within the scanner application and there is nothing simpler for storing and retrieving multiple passwords. Far less chance of someone accessing that a/c than having a word document lying around with all those passwords in it.

pandabear
01-25-2008, 09:08 PM
Only downside to fingerprint scanner, is someone can lock you out of your laptop for 15 minutes, if they try and authenticate too many times and fail. People seem to think fingerprint scanner, means you gotta have at least 20 goes trying to login ;)

Polarbear
01-25-2008, 09:14 PM
if trackers introduced a biometrical authentication method the next thing you would read in the invite section is:

trade my finger for *** account.

danio
01-25-2008, 10:08 PM
if trackers introduced a biometrical authentication method the next thing you would read in the invite section is:

trade my finger for *** account.

ROFL!

Rpcry
01-26-2008, 01:33 AM
well long time ago i found someone leeching from my fsc account (passkey hacked i guess), and have had troubles with my file porn account too (that was hacked, when i got it back i found a different flag plus some profile shit). I always use random passwords to all my sites, and haven't shared my torrents ever, is something that can happen to anyone, a good hacker will find the way ;).

pandabear
01-26-2008, 02:25 AM
A good hacker doesn't randomly pick targets. If they pick you, there is usually a reason.

BrownWren
01-26-2008, 04:26 PM
Excellent point Panda.

Also most trackers log your ips (I won't say all) so they know if your account has been hacked just by looking. Also why using crazy proxies to sign in, like from the UK one time and next time the NZ, is not too smart either.

broomhead
01-26-2008, 05:29 PM
Most of the time it's the result of a trade gone wrong. (trading is bad :p)

pandabear
01-26-2008, 08:07 PM
Most of the time it's the result of a trade gone wrong. (trading is bad :p)

I wouldn't be surprised if giveaway'rs did as bad. They give away the account, let the other person buffer it (simply choose the person who says they have seedbox), then get the account back, and whoo they have a sweet ratio and their account back. This is why the token line everyone says "trading is bad" should change to "transferring accounts is bad".

TheFoX
01-26-2008, 08:37 PM
if trackers introduced a biometrical authentication method the next thing you would read in the invite section is:

trade my finger for *** account.

The headline is more likely to read...


music.cd hacked after sysop had his finger hacked off!


instead of


music.cd site hacked!

Artemis
01-26-2008, 08:46 PM
sort of brings the concept of 'hacking' to a whole new level, people with a wild eyed look in their eyes running around with machetes :naughty: