by suninwinter 5472 days ago
I have received the following email 6 times, edited to remove referral code and Bitcoin address:

"Dear Sir or Madam,

A few hours ago the Bitcoin trading website Mt Gox has been hacked. Malicious individuals have been able to obtain a database containing usernames, email address and encrypted passwords. This information has been posted publicly on the internet.

As a Bitcoin supporter I'm now sending a message to every email address contained in the hacked database. This is to warn you that your username, email address and password have been leaked. I therefore strongly advice you to change your passwords. If you have used the same password on different websites it's highly recommended to change your password on all of your accounts!

For a more secure alternative to Mt Gox, the community appears to be moving to TradeHill. So this is no reason to lose faith in Bitcoin itself. It must be seen as a warning that not every website can be trusted with your data however! Their link is http://www.tradehill.com/?r=XXXXXXX (Note: You can remove the Referral Code when registering if you want!) This is certainly not the only website where you can exchange Bitcoins, also check out http://www.thebitcoinlist.com/dp_bitcoin/bitcoin-exchange/

Sincerely,

A Bitcoin supporter 1XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX7"

If the sender is reading this, your script works (too well), and the warning was received 2 1/2 hours after the one from Mt. Gox, so you probably should have saved yourself the trouble.

The From header shows the email is sent from Bitcoin@unknown.com. However, digging into the headers, it is actually coming from gXXXXXXX@bXXXXXXXXXX.gXXXXXXXXXXXXX.com (trying to give the guy some privacy, since he's trying to be helpful, but this way others who get the message can correlate it).

1 comments

How is that helpful?

a) Every user of MtGox already received a message from MtGox directly telling them about the breach. His message did not add any new information at all.

b) He advertises for two direct competitors to MtGox, in one case using what I assume is a referral link where he earns a commission for each trade.

c) He solicits donations for himself.

d) He does not give out his name and uses an invalid return address to hide his motives.

e) He sent the message 6 times.