/biz/ - Business & Finance

If they seriously store passwords plaintext, they deserve to get hacked.

I'm betting this is fake, though.

Fuck, i have same password and email at everywhere

>>7532279
This. Only 14 year old script kiddies would ever consider storing passwords in plain text.

Tried one of those, can't get in. Fake.

Fuck, I used my work email and my password is ih8niggers

Anyone tried one to see if it is legit?

>>7532366
nice one

>>7532320
Or doe a single round of SHA256 w/ no salt

>>7532251
>https://twitter.com/poloniexhack/status/962288838692474880

I just tried some of the logins. Only one worked, but they had 2fa enabled.

big if true

>>7532424
OH SHIIIIIIIIIIIIT

>>7532381
99dent but he has 2fa

>>7532424
Could be just one they created

>>7532424
Yeah, some of those work

FUCK

Haven't used poloniex in years though

>>7532251
YES YES this is the FUD we need to dirve btc down to 5k

Do people unironically actually not use strong alphanumeric passwords?

Do I need to change password?

>>7532251
tried both @naver.com ones and they worked.... jesus fuck

nooo my linkies

>>7532577
They could’ve just made those accounts calm the fuck down

>>7532539
How do you think that would help in this case??

if only a couple work while most fail, it's overwhelmingly likely that's his own accounts

>>7532599
doesn't make sense though, why not create every account on the screenshot in that case?

>>7532577
welp, for once OP isnt LARPing

big if true

Come on baby, crash this market. NOW.

big if large

my email is my full name @ gmail and my password is "justinbieberownsmyasshole". Not a good day.

just some larper with shorts open. not a bad idea actually if it goes viral.

true if big

tethered up @8800,waiting for the crash.

and we just got the perfect scapegoat after bitgrail "hack"

>>7532627
He probably didn't want to take the time to create 25 email accounts and polo accounts with 2FA enabled. Create a few and scatter them in the list.

big, therefore true

>>7532366
and now you've doxxed yourself as a 4chan poster, you've really gone dun it

>>7532251
poloniex can die in a fire. 7 month open ticket for 2000$

Holy fucking shit they work .

>>7532251
HOLY FUCK THE PASSWORDS WORK

Feels good having 2fa on absolutely everything

>>7532539
>using le stronk alphanumeric password in plaintext is somehow more secure
the absolute state of /biz/

Cool good thing I never used Poloniex because I always heard how shit it is.

>>7532577
hotmail ones didnt work

fuck

huge if big

>>7532251
can someone explain to me why anyone uses any exchange that's not Bittrex or Binance? What's the point of using Bitgrail or Poloniex or AbuCoins or any of that? It all just seems so sketchy to me

first of all Poloniex definitely uses a hash algo like bcrypt
second of all, you don't have "usernames" on poloniex so you can already know this isn't their database

Friendly reminder to sell now. This is the perfect storm with the Binance and Bitgrail bullshit flying

>>7532984
shitcoins my dude. shitcoins.

>>7532251
who is this and why does he follow

>>7532320
you would be surprised how many incompetent retards are calling themselves software developers

>>7532984
Anyone whos been in this space for more than 6-7 months has at some point had a polo account. Polo was the bittrex or binance before they took off.

>>7532999
Binance has so many though

>>7533011
this makes sense

also checked my dudes

>>7533011
Good thing I came in July lel
Bittrex and Binance are secure af

I bet people that shit their pants right now, will loose their own info on his super secret website he's prepping.
what a day!

>>7532984

>Abucoins

>>7532952
now's the part where you backup the 2fa keys
/data/data/com.google.android.apps.authenticator2/databases/databases

>>7532251
>unhashed passwords
That's really bad.

honestly, do they work? Still hackers can't withdrawl without email acces. API key's might be a problem

OMFG
Try to log in with these accounts, shit works only need 2fa ofc and the other i tried had email code send -_-

>>7533031
They want the tier 3 shitcoins like nano and turtle

>>7532984
Newfag spotted
>up to 300 BTC payments required to list coins
>less than a year old
Binance is a exit scam waiting to happen
Bittrex is a dinosaur in deep shit
And both don't have all the promising coins listed

OH NO!!! MY PRECIOUS 80 DOLLAR WORTH OF ADA I STILL MIGHT HAVE ON POLO!!! AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHHHHHHHHHH!!!!! good thing polo decided to be turbo faggots to its legacy holders and i moved them all to bittrex months ago

>Oh crap
>Login into Poloniex account from years years ago
>Oh right i don't have any funds in here anymore
>Enable 2FA just because

Poloshit is really fucking shitty for having password in clear text, this is actually illegal where I live.

Tried all of them. fake.

also

>>7533187
this is from some stupid phishing site he created that steals credentials
must be a mimic of poloniex domain..

how people on /biz/ this stupid ffs

>>7533175
kazakhstan?

some of these mails are used on normiebook and dont look lie bots/fresh accounts.

Maybe he made those accounts? Full list or larp.

>>7533177
the vova@ukr.net works

>>7532251
what does this imply?

>>7533187
These idiots always have blatant typos. The fake stellar blog post that spelled it 'steller" was great.

>>7532599
This. Digits confirm. It could be an attempt to extort money from Poloniex.

>>7532984
You don't understand. You have it backwards. Poloniex is the tried and true American exchange that we all used for altcoins, for years. Bittrex and Binance were and still are seen as sketchy shitcoin exchanges to buy complete garbage that just happened to explode over the past few months as more and more people were pressured to buy lower cap shitcoins. Poloniex was seen as something of a gatekeeper for which altcoins are "legit," for a long time. If they get hacked, you can be sure it will have massive effects on the entire crypto economy.

That being said, I think this is nothing at all because Poloniex was one of the most secure exchanges for years. Almost as secure as you'd expect something like Gemini, Gdax, Bitstamp to be. Not quite but up there but for altcoins.

>>7533207
this is probably the most true

>tfw don't even have a polo account and still just changed all my exchange passwords

>>7533227
no it doesn't

>>7533220
are you an expert on bot fresh account appearance you fucking dork

>>7533187
Ah, nice.

>>7532251
>plaintext passwords

Fake.

>>7533130
So what one are you supposed to use?

>>7533207
Prob this gay guy

>>7532251
They range from terrible passwords like "miner3033" to great ones like "c&%e3nC&%E3N" and yet it doesn't matter because they're all in plaintext.

I tried the 99dent@naver.com one and it works, just needed 2FA.

>>7533250
this guy fucks

>>7532816
what if false thefore small?
big if tru

Lol this is fake. He created those accounts himself.

>>7533283
>no it doesn't
It does work. I tested it too.
skupeyko-vova@urk.net
5800xm5800xm

Test it yourself.

>>7533008
this
i've worked a bit as a freelance webdev in the past
nearly half of the websites i've done backend stuff for have stored sensitive information in plain text in an sql database
websites usually ranged between 500 and 25k registered users
this is the reason why you should use different emails and different passwords for every site you register on

This is truely the wild west era of digital assets
Its kind of humbling to witness the entire thing in my lifetime
I feel like we are in the equivalent to "not being able to call because you are using the internet" period but for crypto

>>7533442
or they were phished

>>7532617
>>7532954
>what is password reuse
The only real risk, you absolute fucking brainlets
Do you think poloniex won't reset every password after this is leaked?

>>7533495
aye cheers mum thanks for picking up the phone id only been trying to download that file for the last four hours

I will give you advice. Take your money. Tomorrow you will see very serious things.

>>7532279
>>7532320
There's already hundreds of modules/libaries that does password hashing for you. Don't need to do anything. This has got to be a troll

>>7533549
>>7532251

sounds just like a pajeet phisher who missed out on buying at $6k

>>7533549
whoaaaa scary.

>>7532285
prove it

>>7533549
oooh no, sold everything

>>7532320
Several billion worth of passwords and email addresses have been stolen because of this over the past 10 years. Only 14 year olds, really?

I think the duplicated entries and misspelled email (gmai.com) point to this being the results of a phishing attack rather than an actual hack

>>7532251
thanks just bought 100k accounts

then bought 100k xmr

thanks

>>7533648
Honestly bitcoin is based on cryptography. If as a bitcoin exchange that's been around for years you still didn't figure you have to hash your passwords. Which is bassically 10 lines of code. You deserve to be hacked

>>7533207
This.

It's why there are duplicate entries. Retards keep re-entering their details wondering why it's not working.

Source: had a phishing site like 7 years ago

>>7532362
They work actually.

This shit is big.

>>7533654
That's what we try to tell to scare pants

>>7532320
haven't there been countless database hacks of major corporations over the last decade where people found tons of customer data/passwords/personal info stored in plain text?

like when that Playstation Network was hacked and everyones credit card details/cvvs were in plain text? or the Equifax shit? many others like that

well we've got 2fa anyway

fake news

holy shit guys, dont try to log in to any of these, they are taking your IPs

>>7533578
>hacker doesn't speak perfect english
>he must have missed the dip

okay

>>7532251
lmfao skiddy either:
makes a few accounts on poloniex
or
peppers a few phished accounts in there

seriously, crypto is so fucking easy to target. imagine this if you will. all these scam ICOs asking users to join their mailing list. how easy would it be for them to sell the goddamn list or spam out phishing emails to all the people on the mailing list? or someone writes a bot, sells it, installs a keylogger, or modifies the JS cache on the browser, steals their cookies for auth tokens, etc.

It's too easy. People are forgetting/not realizing that crypto is NOT intended for people inexperienced with computer security. Absolutely no liability or safeguards here.

KEEP IN MIND: This guy could have easily made these accounts himself. Not that much effort for very high quality FUD

>>7533187
good catch

>>7533654
Gimai.com is still valid email. But the duplicate ones probably confirm phishing

>>7533814
so? it's not my IP lol

>>7533849
Like a week ago I got spam about some BTC-e/wex refunding and shit with a beautiful link to reset password.
I bet my rock hard dick that 10% of people click on that and give their info.

>>7533139
Exact same situation.

>tfw i had forgotten i had 7.5 ether on polo and discovered it late december

>poloniex db
>passwords in plaintext

if you faggots actually believe this is real burn your crypto and shoot yourself

>>7532485
do they have any funds left?

>>7533814
>implying that im not behind 1000 proxies

grow some balls faggit

>>7534006
they probably hit 2fa wall and can't do nothing more

>>7532984
some alts aren't on bittrex or binance yet

>>7534035

Enjoy licking men's assholes queer

>>7532251
>mfw I used Polo once but with a completely scrambled shit password like c3u7feozqyshzo75hdfs29im5gzh7vrm and a different email than the one I use for actual important shit

>>7533992
>passwords can be obtained only from the database

Found the brainlet

>2018
using shitty exchanges like this and bittrex

>>7534184
the twitter is literally "poloniexhack" are you telling me phishing is the eqv of hacking an exchange?

>>7534184
>Being this retarded

>>7534267
what?

>>7533479
You've done freelance webdev work in the past. Not an actual developer. What you are describing is not the norm in any way shape or form. Hashing passwords has been the norm for nearly 20 years at this point.

There is a zero percent chance that Poloniex was storing passwords plaintext. This guy created a bunch of bullshit accounts and took screenshots/made fake output from a DB. He then tells people to contact him if they don't want their account listed in the dump. I WONDER WHY? He's trying to trick idiots into giving him their username and password.

If you think this is legit in any way you are completely retarded.

>>7533992
You moronic brainlet you know there exist trillions of sha256 databases with most of the common passwords and string combinations out there.. if they simply hash the pw without taking userid or anythign else into consideration its easy to "reverse" the db hashes you fucking fuck

>>7534267
Look, brainlet: >>7533187.
It's from a phishing site at worst.

>>7534313
>thinking any large business' are using sha256 in 2018

>>7534313
>he doesn't know what bcrypt is
>he doesn't know what salt is
>he doesn't know what rounds are
wow you should probably stop posting. seriously.. why would you pretend you know what you're talking about? what kind of retard uses sha256 in a database?

Withdrew all my funds from Polo when they said they'd begin clamping down on legacy accounts Q1 2018. Watching this though.

>>7532251
>>7532424
Thanks for the heads up. Just changed all my passwords, better safe than sorry. Don’t become a statistic acting like a badass who doesn’t care

>>7532251
This is fake. Sage this thread for goodness sake.

>>7534374
who gives a fuck if it's from a phishing site faggot it's being presented as if it's a database

>>7532251
>https://twitter.com/poloniexhack/status/962288838692474880

MFW I use different passwords that were generated by norton password generator for everything

>>7532251
it's fud lmao all the accounts have $0 already went through 5 they were recently made

>>7534634
>using norton
>not using keepass

lol noob

>>7534636
Have fun getting your own account locked now

>>7534374
this

>>7534671

>>7534674
i don't use that shit site also so I don't care + I'm using a VM + tor + vpn

>keeping your money on exchanges

>>7534636
absolute madman

>>7532251
>toan91kt@gmai.com
Did Poloniex remove an L from this guy's email address? What did they mean by this?

As a hodler I admit this is impressive fud

>>7532800
crypto coding goddess pls bless us with gains

>>7534753
he messed up when he logged into the guys phishing site and that was recorded the guy prob had ppl login to the site --> enter email + pw ---> then had it redirect to the real polo login page to make it seem like it glitched out

>>7534508
>as if it's a database

It's a fucking hashmap you dump bastard. it could be obtained from everywhere. get some brain.

>>7534267
>>7534289

>Be rogue developer at polo. Call one liner log function on authentication step for a few days/hours. Collect a massive amount of user credentials then remove the logger and leave the company.

Profit?

Bitgrail ,Poloniex,...The end of the world incoming...

>>7533139
my dog loves to have the back of his head rubbed just like that. wonder if i got him something like that would he just use it 24/7.

>>7532279
it's his list of phished pw

>>7532800
Bitch! I;ve been waiting to get approved in that shitexchange for 6 months. How are you creating 20+ accounts in any reasonable timeframe?

>>7534704
keepass is the shit

>>7533884
>>7534636
>made these accounts himself.
>lets enable 2FA

lol hodlshits in denial

>tfw keeping my short open just in case

Opened at $8600

We're going sideways anyway, little chance of liquidation given it's at $9100

>>7534214
What's wrong with it? It works. I can exchange just fine. It doesn't go down like Binance shit.
My daily trading is doing just fine. Make a few k. And withdrew completely fine.

Also make sure you have 2fa enabled. That should go for any exchange really

>>7534165
>c3u7feozqyshzo75hdfs29im5gzh7vrm
>no special characters
It's like you want to get hacked

>>7535475
retard I said he phished them see >>7534836

>>7535691
yeah it has special characters, also caps, but my point was that I'm not going for "Ih6niggers" as my password with my work email like some retards do. It's just random crap that doesn't mean anything.

>>7535805
>phishing Goolag emails in 2018

you know what to do.

>>7534296
> Hashing passwords has been the norm for nearly 20 years at this point.
Doesn't matter, people cut corners and never go back and fix their mistakes, and it gets worse as the org structure expands

>>7532366

>>7532320

save mine all in a txt in some folder lol

>>7532539

No one would ever guess 'BigBootyHos6969YeahBoi'

>>7533011
>Anyone whos been in this space for more than 6-7 months has at some point had a polo account. Polo was the bittrex or binance before they took off.

And consider how many people use the exact same email-password across multiple sites...

If you're on poloniex, and you use the same login/pw combos elsewhere, you better change your shit because they WILL be trying those credentials elsewhere.

>>7532251
>https://twitter.com/poloniexhack/status/962288838692474880

Can somebody please mail the people their passwords? Badboy26!

>>7536891
Checking those sweet hidden dubs (9*9*11=891) and that killer meme! (saved)

>>7532984
The easiest fucking way for a sure 2-3x is to find the popular chinkcoins that are on the top 100, but not listed on Binance.

They usually get listed within a few weeks, and it always does a 2x right away.

>>7537041
>9gag

kys

>>7538882
test

test

>>7538882
>>7539882
>882
hmmmmm

>>7532251
Kek my old account in on there

I dont even give a heck, lets see them get passed 2fa.

>>7532413
Even then it can be decrypted using a rainbow table

>>7532251

I'm unironically sunnynite792.

believe it or don't, this is fucked.

>>7540085
holy shit so am i

believe it or not guys, somehow this other guy was me the whole time

>>7533299
poloniex is awesome, bitfinex is also a good one

If someone wanted to fake this, they could just have created the accounts in the screenshot themselves.

Just saying

Fuck you, Bryce

>>7532251
Everything has 2fa feelsbadman

>>7532995
>second of all, you don't have "usernames" on poloniex

didnt they have usernames for their "trollbox"?

>>7532285
it doesnt even matter when you use 2fa

>>7532967
>tfw 2fa
>tfw 2k limit per day
good luck faggots

2fa lol. Don’t be a dumbass

This isn't happening

>>7536949
You are DE-LUSIONAL if you think an operation at the scale of Poloniex doesn't hash passwords.

I hate to just ad hominem the shit out of you, but there is no discussion to be had here. You are so outside of your depth if you think they could even run an operation at that scale with practices like that.

No one was hacked, and if you think Poloniex stores passwords clear you're retarded.

Here's a quick test - try to recover your password and tell me if they send it back to you in the clear or not. They won't. They'll have you set a new password because they DO NOT STORE your password in plain text.

>>7534313
I'll take WHAT IS SALTING FOR $400, ALEX.

Why do people that have no idea what they're talking about insist on spewing their half baked idiocy to others?

>>7532539
>Do people unironically actually not use strong alphanumeric passwords?
complexity isn't as important as length. Anything under 8 characters can be rainbow tabled. And if source is decrypted or *gasp* plain-text then it does matter for shit.