Thread: Hacked accounts and stolen upload credit. How strong is your tracker password?

Recently we became aware of a person or persons funneling large amounts of upload credit from other members. It appeared that this person was logging into these other accounts and sending the credit back to his/her own account. After quite a bit of investigation we have determined that the "hacker" was not exploiting a weakness in our code or our server but rather he was gaining access to these accounts simply by trying "123456" as the password for every account on our member list. Over the next few days we will be returning the upload credit to each of the affected accounts and implementing several new measures to prevent this kind of malicious activity from happening in the future, some of which are already in place.



During our investigation, we discovered an alarming number of users are and were using "123456" or similarly weak passwords. While we can breathe a small sigh of relief that it's not a sophisticated attack by highly intelligent and determined hackers, it does show us that there is a real need to remind our members that for their safety as well as the overall safety of bitGAMER, we must remind everyone to make their passwords as strong as possible. One excellent resource that can be used is Perfect Passwords. It is also highly recommended that you use a strong and unique password for every site you use and never use the same password at more than one site.

Source

This does not just count for those who use BitGAMER, but to those who use any tracker out there, any site that requires a password!

Trackers that implement the need for a combination of letters, numbers and characters leads to a strong password. Not all sites do this, so make sure yours is strong and secure!

Heck, I sure wouldn't want to loose all that upload credit I worked so hard for... how silly can people be, making their passwords 123456 or similar?

thnx for the post m8

i always use letters(both upper case and lower case) numbers and special characters in my passwords..its short and awfully difficult to crack..dnt take these things for granted..there are ppl out there lurking for u to be careless to take advantage of u..be safe than sorry..

Wow. Maybe that's why BG have been so wary of users sending large amounts of credits these past few months.

I can't understand why people make themselves so vulnerable to cheap hacks like that. You can't even call that hacking since it's completely the account owner's stupidity. I don't see how difficult it is to define an algorithm/set of rules which creates unique passwords across all trackers/sites, but easy enough to remember without even doing much thinking.

Say I wanted to create a simple, but strong password for BitMeTV. BitMeTV is abbreviated as BMTV. Then subject the password to a few things that are memorable to me, but no one else. My favorite number is 25. My name is Sav. Slap them together and what do I get? BMTV25Sav. I don't think too many people will figure that out.

I mean, come on, 123456? Seriously? You have to give the 'hacker' credit since he knew there are people simple enough to create such passwords.

I am using storng passwords. I am trying to use in my pass different symbols, upper and lower case letters and some numbers aswell.

johupogo, while I agree with your assessment, I feel the message of the posting is important enough that it should be posted in the news section. Accepted.

Two years ago I used to use passwords which contain only numbers (random sequence) but 6 months ago i changed all my passwords and made them as strong/big i as could and easy to remember using numbers, leters (lower and upper case) and symbols.
It is highly recommended to use complex passwords in all our accounts and not just trackers !!!

Originally Posted by JkDillinja

I am using storng passwords. I am trying to use in my pass different symbols, upper and lower case letters and some numbers aswell.

yeap this would be the best combo for passwords
if this combo is still hacked then well the hacker have got some serious kungfu

believe it or not i used my date of birth as password a couple years ago until my wife (girlfriend at that time) figure it out.!
since than sometimes even i have difficulty to remember them...

I always remember Sarah Palin incident where her email account was hacked just by guessing the answers of her security questions after searching the web for the same. Using dictionary words or numbers for passwords defeats the purpose of having one.