Le forum bitcointalk.org, principal lieu de discussion sur Bitcoin, a été attaqué à nouveau. Par mesure de sécurité les utilisateurs sont priés de changer leur mot de passe dès que le service sera rétabli. Si vous avez utilisé ce mot de passe sur un site différent, changez-le dès à présent.
L’administrateur, Michael Marquardt (alias Theymos), a annoncé que le serveur ne sera pas relancé avant deux jours et qu’il publiera un rapport complet sur l’incident dès que le service sera rétabli.
Maj du 25 mai : Message envoyé aux utilisateurs du forum
« I regret to have to inform you that some information about your account was obtained by an attacker who successfully compromised the bitcointalk.org server. The following information about your account was likely leaked :
– Email address
– Password hash
– Last-used IP address and registration IP address
– Secret question and a basic (not brute-force-resistant) hash of your secret answer
– Various settings
You should immediately change your forum password and delete or change your secret question. To do this, log into the forum, click « profile », and then go to « account related settings ».
If you used the same password on bitcointalk.org as on other sites, then you should also immediately change your password on those other sites.
Also, if you had a secret question set, then you should assume that the attacker now knows the answer to your secret question.
Your password was salted and hashed using sha256crypt with 7500 rounds. This will slow down anyone trying to recover your password, but it will not completely prevent it unless your password was extremely strong.
While nothing can ever be ruled out in these sorts of situations, I do not believe that the attacker was able to collect any forum personal messages.
I apologize for the inconvenience and for any trouble that this may cause ».
Sources : twitter.com – reddit.com
