MyBitcoin Username/Password Breach
Revision as of 13:26, 17 January 2023
A file containing usernames and passwords from the large Mt. Gox cryptocurrency exchange was accessed, which allowed the accounts of around 1% of the users on the MyBitcoin exchange to be breached.
Ultimately, MyBitcoin sought to cover the losses for users.
About MyBitcoin
More information needs to be added.
The Reality
More information needs to be added.
What Happened
| Date | Event | Description |
|---|---|---|
| June 20th, 2011 | Passwords Breached | Users with the same password on Mt. Gox and the MyBitcoin platform started to see their accounts breached. This reportedly continued through June 21st. |
Total Amount Lost
The loss was estimated at the time at 4,019 BTC (worth roughly $72k USD).
Immediate Reactions
The pseudonymous operator of MyBitcoin acknowledged at the time:
“We’ve concluded that around 1% of the users on the leaked Mt[G]ox password file had their Bitcoins stolen on MyBitcoin.”
Ultimate Outcome
Affected users were reimbursed the total value of their losses on the MyBitcoin platform. Those who withdrew their funds from the platform could have kept them after the platform ultimately collapsed.
Total Amount Recovered
All 4,019 BTC (worth $72k USD) were ultimately reimbursed to users.
Ongoing Developments
None.
Prevention Policies
This loss affected only those users who reused passwords across multiple exchange accounts. It could have been prevented if users had avoided password reuse.
Platforms can protect against the breach of user accounts by requiring a second factor of authentication. Other common indicators of an account breach are access from a different IP address (particularly one in another region of the world, a VPN, or a Tor exit node), access to multiple accounts from the same IP address, proceeding immediately to a full withdrawal on the account, password changes, or a large and unexpected cluster of account logins at times when those users don't normally log in. When an account breach is suspected, delaying the withdrawal of cryptocurrencies is key to preventing loss, as it gives the real account owner time to secure their account.
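The indicators above can be combined into a rule that decides when to delay a withdrawal. The following Python is an added example, not code from MyBitcoin or from the original page; the thresholds, event fields and signal names are assumptions, and it covers the IP, immediate-withdrawal and password-change indicators.

```python
from collections import defaultdict
HOLD_THRESHOLD = 2        # assumed: signals needed to delay a withdrawal
QUICK_WITHDRAW_S = 600    # assumed reading of "immediately" (seconds after login)
SHARED_IP_ACCOUNTS = 3    # assumed: distinct accounts on one IP that looks abnormal
FULL_FRACTION = 0.95      # assumed: share of balance treated as a full withdrawal

def review_withdrawals(events, known_ips, anonymizer_ips=frozenset()):
    """Return {account: (decision, signals)} for each withdrawal request."""
    # events: time-ordered (ts_s, account, ip, action, fraction); known_ips: {account: {ips}}
    accounts_per_ip = defaultdict(set)      # counted over the whole review window
    for _, acct, ip, action, _ in events:
        if action == "login":
            accounts_per_ip[ip].add(acct)
    last_login, changed_pw, results = {}, set(), {}
    for ts, acct, ip, action, fraction in events:
        if action == "login":
            last_login[acct] = ts
            changed_pw.discard(acct)        # password changes are tracked per session
        elif action == "password_change":
            changed_pw.add(acct)
        elif action == "withdraw":
            signals = []
            if ip not in known_ips.get(acct, set()):
                signals.append("new_ip")
            if ip in anonymizer_ips:        # caller-supplied VPN / Tor exit list
                signals.append("anonymizer_ip")
            if len(accounts_per_ip[ip]) >= SHARED_IP_ACCOUNTS:
                signals.append("shared_ip")
            quick = acct in last_login and ts - last_login[acct] <= QUICK_WITHDRAW_S
            if quick and fraction >= FULL_FRACTION:
                signals.append("immediate_full_withdrawal")
            if acct in changed_pw:
                signals.append("password_changed")
            decision = "hold" if len(signals) >= HOLD_THRESHOLD else "allow"
            results[acct] = (decision, signals)
    return results

# Constructed sample window: documentation-range IPs, made-up accounts.
SAMPLE_KNOWN_IPS = {"alice": {"192.0.2.10"}, "bob": {"192.0.2.11"},
                    "carol": {"192.0.2.12"}, "dave": {"198.51.100.20"}}
SAMPLE_EVENTS = [
    (0, "alice", "203.0.113.7", "login", None),
    (60, "bob", "203.0.113.7", "login", None),
    (90, "carol", "203.0.113.7", "login", None),
    (120, "alice", "203.0.113.7", "withdraw", 1.0),
    (150, "bob", "203.0.113.7", "password_change", None),
    (180, "bob", "203.0.113.7", "withdraw", 1.0),
    (9000, "dave", "198.51.100.20", "withdraw", 0.2),
]
```

A "hold" result is where the platform would delay the payout and notify the account owner through a channel the current session cannot change.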
References
https://bitcointalk.org/index.php?topic=83794.msg923918#msg923918