

MtGox account database leaked - foxhill
http://forum.bitcoin.org/index.php?topic=19543.0

======
sunchild
People talk a lot of trash about frameworks like Rails, but I can spin up a
shell application with bcrypt authentication via devise, roles-based
authorization via cancan or declarative authorization, built-in CSRF
protection, and better-than-decent default XSS protection in less than 30
minutes.

Granted, it's not perfect security-wise, but it beats the crap out of whatever
mish-mash leads to this meltdown...or the one Citi had...or the one Sony
had...or other one...etc.

I think security is one of the few areas where convention over configuration
pays off by sidestepping lazy/sloppy approaches.

------
gst
Seems that "mining" the MD5 passwords is now more profitable than directly
mining Bitcoins - at least there's some GPU power out there ;)

~~~
astrodust
MD5? Are you kidding me?

There should be capital punishment in software development for things like
that.

~~~
vog
It is not so much about MD5, but more about not using a random salt for each
password.

Stronger hash algorithms such as SHA-1 suffer exactly the same issues when
used improperly (i.e. when stored without salt, or data is exchanged without
HMAC).

<http://en.wikipedia.org/wiki/Salt_%28cryptography%29>

<http://en.wikipedia.org/wiki/HMAC>

~~~
wlll
I'll just leave this here: <http://codahale.com/how-to-safely-store-a-
password/>

------
suninwinter
I have received the following email _6_ times, edited to remove referral code
and Bitcoin address:

"Dear Sir or Madam,

A few hours ago the Bitcoin trading website Mt Gox has been hacked. Malicious
individuals have been able to obtain a database containing usernames, email
address and encrypted passwords. This information has been posted publicly on
the internet.

As a Bitcoin supporter I'm now sending a message to every email address
contained in the hacked database. This is to warn you that your username,
email address and password have been leaked. I therefore strongly advice you
to change your passwords. If you have used the same password on different
websites it's highly recommended to change your password on all of your
accounts!

For a more secure alternative to Mt Gox, the community appears to be moving to
TradeHill. So this is no reason to lose faith in Bitcoin itself. It must be
seen as a warning that not every website can be trusted with your data
however! Their link is <http://www.tradehill.com/?r=XXXXXXX> (Note: You can
remove the Referral Code when registering if you want!) This is certainly not
the only website where you can exchange Bitcoins, also check out
<http://www.thebitcoinlist.com/dp_bitcoin/bitcoin-exchange/>

Sincerely,

A Bitcoin supporter 1XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX7"

If the sender is reading this, your script works (too well), and the warning
was received 2 1/2 hours after the one from Mt. Gox, so you probably should
have saved yourself the trouble.

The From headers shows the email is sent from Bitcoin@unknown.com. However,
digging into the headers it is actually coming from
gXXXXXXX@bXXXXXXXXXX.gXXXXXXXXXXXXX.com (trying to give the guy some privacy,
since he's trying to be helpful, but this way others who get the message can
correlate it).

~~~
soult
How is that helpful?

a) Every user of MtGox already received a message from MtGox directly telling
them about the breach. His message did not add any new information at all.

b) He advertises for two direct competitor to MtGox, in once ase using what I
assume is a referral link where he earns a comission for each trade.

c) He solicits donations for himself.

d) He does not give out his name and uses an invalid return address to hide
his motifs.

e) He sent the message 6 times.

------
palish
Just got an email from MtGox. Here are the important bits:

"If you were using the same password on Mt.Gox and other places (email, etc),
you should change this password as soon as possible."

"While the password is encrypted, it is possible to bruteforce most passwords
with time, and _it is likely bad people are working on this right now_."

Son of a...

~~~
rb2k_
A question to people that have a more active crypto knowledge than I do:

I have a 13 character password with letters, numbers and punctuation. I also
seem to have one of the salted ($1$) passwords.

How much in trouble am I really?

~~~
Joakal
Several months I think assumed according to this:
<http://www.lockdown.co.uk/?pg=combi>

The article is 2 years old. There are botnets that I presume could do ~50
billion/sec now (Number pulled out of ass).

~~~
astrodust
A single machine loaded down with four high-end cards can do 4.5GHashes/s so
an army of bots could easily eclipse that.

~~~
Joakal
The G means Giga, as in 4.5 Billion? I haven't seen it used that way before.

I believe bots are unlikely to have four high-end cards though, due to my
assumption that the nature of bots come from weak users therefore weak
computers.

Do you have a source for the capability of particular capacities to find
passwords including botnets like my link?

------
mtcox
I bought some bitcoins on MtGox a month or so ago. My email address was among
those in the leaked database. I received a message from MtGox about the
security breach, and shortly thereafter from an anonymous user hoping to
profit:

Dear Sir or Madam,

A few hours ago the Bitcoin trading website Mt Gox has been hacked. Malicious
individuals have been able to obtain a database containing usernames, email
address and encrypted passwords. This information has been posted publicly on
the internet.

As a Bitcoin supporter I'm now sending a message to every email address
contained in the hacked database. This is to warn you that your username,
email address and password have been leaked. I therefore strongly advice you
to change your passwords. If you have used the same password on different
websites it's highly recommended to change your password on all of your
accounts!

For a more secure alternative to Mt Gox, the community appears to be moving to
TradeHill. So this is no reason to lose faith in Bitcoin itself. It must be
seen as a warning that not every website can be trusted with your data
however! Their link is _removed_ (Note: You can remove the Referral Code when
registering if you want!) This is certainly not the only website where you can
exchange Bitcoins, also check out _removed_

Sincerely,

A Bitcoin supporter _(bitcoin address removed)_

------
tibbon
Perhaps 100% unrelated, but for the first time since its launch I just got a
'suspicious activity' notice when I tried to log onto my Google Accounts/Gmail
within the past hour. I got in ok and changed my password drastically, however
one of the first emails I got of course was one from MtGox letting me know
about this. Probably unconnected, but I could imagine them trying to take a
hit on a lot of registered Gmail accounts after they got the information. I
only signed up for an MtGox account, but I've never traded with it or really
used Bitcoin.

~~~
wcoenen
All gmail addresses in the leaked file (including mine) got this notice. It's
just a precaution from google.

I'm a bit annoyed that they didn't just sign me out and _suggest_ a password
change rather than force it (since I already use their 2-step authentication
scheme and use different passwords for everything). On the other hand I'm
happy to know that Google cares so much about the security of my account.

~~~
tibbon
Hmm, figuring this is just likely (hopefully?) my iPhone or something, but my
gmail shows an account login using IMAP from United States (MI)
(198.228.226.x) about an hour ago. I've never been to that state.

EDIT: Nevermind, my have been my phone or something, because MaxMind is
showing that IP as Ohio (where I am).

------
jjm
I have to admit that when you have real money behind a hobby[1] project of
this size and amount you might want to hire some security professionals to do
an audit of your system. It goes for all the exchanges. Heck, I hope brick and
mortar banks do a 'real' audit while I'm on the subject (with all the hacking
being done everywhere).

<http://forum.bitcoin.org/index.php?topic=19516.0>

~~~
pavel_lishin
Keep hoping: <http://news.ycombinator.com/item?id=2656837>

~~~
bradleyland
The title of an article I read recently comes to mind, "You don't know the
problem." That is, creating an un-hackable system isn't the problem.

It's probably unrealistic to expect that anyone will ever create a completely
un-hackable system. Rather, one should design their systems to fail gracefully
under attack.

If someone breaks in to my Citibank account, it doesn't much matter to me,
because the banks have the authority to roll back transactions with the push
of a button. Their power to do so is the greatest layer of security in the
whole system; just as we have seen with Mt Gox.

Unfortunately, Mt Gox is not bitcoin, it's simply an exchange, so it's once
removed from bitcoin itself. The owner of that account still lost $1000, and
no one can reverse it. Contrast that with bitcoin, and you can begin to see
the problem.

This is a fundamental issue with all currencies, not just bitcoin. It's a
trade-off. When you hold currency, you hold responsibility for securing it. If
I kept $500k in USD (paper currency, bonds, whatever) under my mattress, I'd
have no recourse if someone broke in to my house and stole it. That is why I'm
ok with keeping my money in a bank. I give up a lot for it, but I gain a lot
of security.

------
eis
There are UNSALTED md5 hashes in there.

~~~
judofyr
Ehm, how we you know that? Maybe the salts were stored another place? Or
simply the attacker didn't release them? Or maybe MtGox used a site-wide salt
that's stored in their codebase somewhere?

EDIT: Okay, they appear to be unsalted (according to nbpoole):
<http://news.ycombinator.com/item?id=2671714>

~~~
lubos
open that file and search for the most famous MD5 hash -
5f4dcc3b5aa765d61d8327deb882cf99

~~~
hugh3
Meaning what?

~~~
dekz
That is the md5 digest of 'password'

------
gst
Thread is locked - anyone who can provide a mirror?

Edit: Just Google for the URL to find the respective Rapidshare link.

------
dave1010uk
For reference, I just receied this email from MtGox. I'm fortunate in that my
MtGox password is not used for anything else.

Edit: the email was longer than I expected and formatting messed up a bit on
HN so here's a pastebin link: <http://pastebin.com/H5bgDYhC>

------
mikle
Passwords seem to be hashed. I think this is to be expected since this is such
a techy thing (currency?), but still nice to know. Now whether they are hashed
and whether the algorithm used is safe are a different story.

~~~
judofyr
There are 1766 hashes that are 32 characters in base-16 (probably MD5,
possibly with a site-wide salt) and 59245 hashes that are 34 characters in
base-66 (appears to be an MD5-based crypt(3) hash).

 _EDIT: Ops, I missed some hashes._

~~~
xfs
There are duplicate hashes. Taking out the dups, there are 1610 md5 hashes.
And 34% of these are crackable with a rainbow table. This means they are
unsalted.

~~~
DrJ
at least now I finally get to use that 10GB rainbow table I downloaded a while
back.

------
rooshdi
The culprit may have posted to HN just hours ago:

<http://news.ycombinator.com/item?id=2671766>

------
ebaysucks
I can't login at MtGox at the moment. What's the best measure to take now?

I'm assuming MtGox will reset the passwords for those with an email account
associated. Not sure what they will do for those without, hopefully they have
IP logs for those accounts?

~~~
Tichy
I wonder - if you have a payout BitCoin address configured in MtGox, you
should somehow be able to prove that it is your address? Not sure - but might
be a good idea to investigate that?

------
mcs
Sigh. Everybody was warned.

------
drivebyacct2
Who wants to team up and replace MtGox?

This is absurd. Anyone with a clue about anything knows better than to use
unsalted MD5 or better yet, can imagine better ways to partition security for
a system to prevent this, and _at the very least_ can implement measures to
prevent mass withdrawl without having to revert to transactional rollback
after the fact.

Really sad. Was MtGox first? Why did they have so much volume anyway?

~~~
Tichy
Is there even a way to make a server unhackable? I am really not sure :-(

I would try to put the whole thing on Google App Engine, at least then the
burden would be on Google for the most part :-/

~~~
ChuckMcM
"Is there even a way to make a server unhackable? I am really not sure :-("

Its a pretty difficult thing, the simple answer it turn it off :-) however
you're second comment is more relevant.

"I would try to put the whole thing on Google App Engine, at least then the
burden would be on Google for the most part :-/"

Google does a good job of securing their servers, however the risk is not that
the 'server' gets hacked, rather its the application running on the server. So
for example someone can't log into your server but they can SQL inject a
command to dump your web site's password list and they don't have to log in.

Good secure design would start with really really strong testing around the
applications 'mutation' points (which is to say where it changes in response
to user input). When I was at Google products had to go through a security
audit before being released and those guys were pretty good at their jobs.
This is one of those cases where seeing a lot of ways people try to attack
services gives you a leg up on looking for common weak points.

~~~
astrodust
Anything can be hacked if it has information on it. There's even those
terrifying "cold hacks" where you yank the memory stick from a machine that's
powered off, chill it to preserve lifespan, and plug it into another machine
to read it, the thing coughing up the contents like some zombie.

Nothing can ever be fully secure, but you can make it secure for all practical
considerations.

------
drivebyacct2
Well, I just spent two hours talking to the people interviewing developers at
mt.gox and tradehill.

Tradehill: SHA-1 currently, looking at SHA-512. No one certified on security.
Top creds repeatedly touted was one guy that developed "300 iPhone apps".

Mt.Gox: Was NOT hacked. There financial auditor had read-only access to the
database and his computer was compromised. They were asked why the financial
auditor had access to the data, with no response.

I was literally yelling about bcrypt, and apparently Mark (mt.gox) said that
bcrypt wasn't actually very secure and that they're were going to use (1000
passes) of SHA-512.

~~~
saalweachter
People are always the weak link.

You can't just secure the servers; you've got to secure the entire set of
machines which ever connect to the servers, and all of the machines which ever
touch the offline data. If your data is stolen off of a laptop or USB drive --
as an absurd amount of data has been -- it's just as stolen as if it's taken
from the central server.

------
drivebyacct2
As a note, a user named <TD> has join #bitcoin-dev purporting to be from
Google. They are restricting access to compromised accounts and sending out
texts to change passwords. They stared with plaintext-passworded users but it
appears it will include everyone. I don't know the legitimacy of these claims,
but based on some of the comments here and in #bitcoin, it appears to be quite
legitimate.

~~~
diego
I can confirm this. My email is in the leaked db. Both my mtgox and gmail
passwords are unique, hard to guess by a dictionary attack and not shared with
anything else. I received Google's message to change my password.

As an aside, seeing the public text file containing 60k mtgox accounts is
strange. Without looking too hard I found a couple of people I know in there.

~~~
drivebyacct2
Fortunately, being only a few days old, my password was salted but it's still
unsettling to see my email address and username (my fullname) in there.

~~~
ahi
Same here. My email is my name, so they got my name, email, and username.
Fortunately, it's a relatively new username I haven't used much.

------
grimen
As I say: Don't trust a programmer in a suit...or that writes backends with
PHP.

~~~
grimen
Reason: Most .NET/PHP-programmers just don't care about readable code nor
security per definition; it's strongly bound to the reason they picked this
language from the start.

...or to quote the creator of PHP: [http://axonflux.com/5-quotes-by-the-
creator-of-php-rasmus-le...](http://axonflux.com/5-quotes-by-the-creator-of-
php-rasmus-lerdorf)

~~~
scarmig
I don't doubt that most .NET/PHP programmers don't give a crap about security.

Is this any different from RoR or Django, though?

