Bitcointalk.org forum vulnerability used to hack member accounts

Sep 12, 2011 07:54 GMT

A flaw in the Bitcointalk forum was taken advantage of by a hacker and used to gain access to passwords, email addresses and personal messages belonging to members.

For a second time this year, a BitCoin website is hacked and private information is leaked as a result.

Services that handle money are increasingly favored targets for cybercriminals, and this case is clearly no exception.

The website was compromised more than a week ago, and during that time the attacker could roam freely and steal whatever he wanted. Bitcointalk administrators only realized the site had been breached after the hacker began injecting JavaScript code into it.

Immediately after that, the site was shut down and migrated to another web host, but for some members it may already have been too late.

SC Magazine informs us that the administrators told members to quickly change all their passwords, especially those used on other websites as well.

Also, they alerted them to be on the lookout for any scams that might attempt to take over their BitCoin accounts.

So how was this possible?

According to the same source, the hacker exploited an SQL injection vulnerability. The weak point existed because the forum software did not correctly handle escape characters in usernames, so user-supplied input could alter the structure of the database queries built from it.

Moreover, passwords were hashed with SHA-1 (Secure Hash Algorithm 1), which experts have recently found to be weaker than initially presumed.
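The two weaknesses described above (a query built by splicing the username into SQL text, and passwords stored as plain SHA-1 digests) are illustrated below, each beside its hardened form. This is an added example written for this article, not code from the Bitcointalk forum software; the member table, column names and sample usernames are constructed for the demonstration, and PBKDF2-HMAC-SHA256 with a random per-user salt stands in as a representative slow, salted password hash.

```python
import hashlib
import hmac
import os
import sqlite3


def make_demo_db():
    """Constructed in-memory stand-in for a forum member table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (username TEXT PRIMARY KEY, pw_hash TEXT)")
    # Sample rows are constructed for this example; inserted with parameter
    # binding so the apostrophe in o'brien is stored as data.
    rows = [("alice", weak_hash("hunter2")), ("o'brien", weak_hash("hunter2"))]
    conn.executemany("INSERT INTO members VALUES (?, ?)", rows)
    return conn


# --- Weakness 1: username spliced into the SQL text ----------------------
def weak_find_member(conn, username):
    """Vulnerable pattern: the username becomes part of the SQL syntax.

    Returns (ok, result). A quote in the input is parsed as SQL rather than
    as data, so the query breaks (or, with a crafted input, changes meaning).
    """
    sql = "SELECT username FROM members WHERE username = '" + username + "'"
    try:
        row = conn.execute(sql).fetchone()
        return (True, row[0] if row else None)
    except sqlite3.Error as exc:
        return (False, str(exc))


def safe_find_member(conn, username):
    """Hardened pattern: parameter binding keeps the username as data."""
    row = conn.execute(
        "SELECT username FROM members WHERE username = ?", (username,)
    ).fetchone()
    return (True, row[0] if row else None)


# --- Weakness 2: fast, unsalted SHA-1 password digests ------------------
def weak_hash(password):
    """Unsalted SHA-1: identical passwords give identical digests, and the
    digest is cheap to compute, so a leaked table is easy to reverse."""
    return hashlib.sha1(password.encode()).hexdigest()


def strong_hash(password, iterations=200_000):
    """Salted, iterated hash (PBKDF2-HMAC-SHA256 chosen here as a common
    example). Stored as salt$iterations$digest so each field is recoverable."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "%s$%d$%s" % (salt.hex(), iterations, dk.hex())


def verify_strong(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    salt_hex, iters, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    conn = make_demo_db()
    print("weak lookup of o'brien:", weak_find_member(conn, "o'brien"))
    print("safe lookup of o'brien:", safe_find_member(conn, "o'brien"))
    print("alice and o'brien share a SHA-1 digest:",
          weak_hash("hunter2") == weak_hash("hunter2"))
    a, b = strong_hash("hunter2"), strong_hash("hunter2")
    print("salted hashes differ for the same password:", a != b)
    print("verification still works:", verify_strong("hunter2", a))
```

Running the script shows the string-built lookup failing on a legitimate username that merely contains an apostrophe, which is the same parsing behaviour an attacker relies on; the bound-parameter version returns the row. On the hashing side, the two sample members with the same password hold the same SHA-1 digest, whereas the salted, iterated hashes differ and are far more costly to test per guess.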

The attacker managed to hijack the account of one of the administrators after creating a donor account, which allowed him to change usernames. Using the administrator privileges, he was able to inject PHP code by modifying one of the forum's style templates.

Bitcointalk representatives say that the accounts taken over or created during the attack have been identified, along with a number of IP addresses.

BitCoin currency systems seem to have been the target of many attacks lately, and everyone is advised to take extra precautions against possible attacks.