As the title suggests the #1 bitcoin forum bitcointalk.org is currently down. A tweet from the official bitcointalk twitter explains why the forum is down:
Server compromised due to social engineering against ISP NFOrce. There will be extended downtime for forensic analysis and reinstall.
— BitcoinTalk (@bitcointalk) May 22, 2015
UPDATE:
According to a message on reddit from theymos it looks like the attacker only had access for 12 minutes and it is unlikely that he was able to get a complete dump of the db.
The forum’s ISP NFOrce managed to get tricked into giving an attacker access to the server. I think that the attacker had access for only about 12 minutes before I noticed it and had the server disconnected, so he probably wasn’t able to get a complete dump of the database. However, you should act as though your password hashes, PMs, emails, etc. were compromised. The forum will probably be down for 36-60 hours for analysis and reinstall. I’ll post status updates on Twitter @bitcointalk and I’ll post a complete report in a post in Meta once the forum comes back online. – theymos
UPDATE 2:
Another message was posted on the bitcointalk twitter account:
Unfortunately, looks like password hashes and email addresses were compromised. Probably not PMs, though. Back up in 12-24 hours.
— BitcoinTalk (@bitcointalk) May 23, 2015
Compromised password hashes means that your actual passwords have not been revealed but their hash has. What that can do is link passwords across different accounts. For example the most common password hash algorithm is the md5 which is used to store a one way hash of a password. The md5 hash of the password “abc123” would be “e99a18c428cb38d5f260853678922e03”. It is a good idea to change the password on any accounts that used the same password as your bitcointalk account because an attacker can try to access your alternate accounts by authenticating to the server by sending packets of your hashed password and username.
What is a Social Engineering attack?
A Social Engineering attack against the ISP means that the attacker was able to obtain the administrator’s personal information and used it in order to compromise the admin’s account. Such attacks are common against celebrities whose personal information is commonly leaked. This article from the washing post shows how easy it is to hack someone’s iCloud. It is actually how most if not all celebrity photos were obtained.
How to Protect yourself from such an attack?
Some ways to protect yourself from a Social Engineering attack is by safeguarding even inconsquential information about yourself, lie to security questions so that the answer comes form memory and not from an event. View any password reset email with skepticism even ones that say “If you didn’t request it, don’t do anything”. Try to find a way to watch you account’s activity and log such infrmation as logins + IP address. Gmail already does that and you can view your login history + IPs used from the account settings. Last but not least diversify your passwords, critical services, and security questions. Don’t use the same password for multiple sensitive accounts and have a unique password to any important account.
