LR hacked and $7000 stolen - Page 5

**nanaimogold** · #41 09-23-2011, 11:15 PM

Never enable the API unless you know exactly what you are doing.
Don't use scripts that pay out unless you are the superuser of the computer hosting them.

edit- if you want to learn scripting for the API, make a test account and only put a few bucks in it.

arie85 · #42 09-25-2011, 04:08 PM

Quote:

Originally Posted by wmXchange

What is not safe if all those people that blindly trust any email they get asking for "renew" their account info on a spoofed page.
You all should educate yourself on how to stay safe online and understand that LR will never send emails addressing you as "Dear customer", "Dear user" and asking to follow a link like: libertyreserveeeee.crapbunny.org where you are required to fill-out your LR username and password.

If lets say you are in the US and somebody steal your USD cash, do you go to Federal Reserve and ask them to refund your money?

A few simple suggestions to understand and follow:
- DO NOT trust emails that asks for account confirmation, account renewal, lottery winnings and so on. Triple check any of such emails before you submit any private information.
- Always check the link you are required to follow and see what website was opened in the browser.
- Before you give away sensitive information like username, password, SSN, card info, etc ... you should double check the website name you are on, in order not to be a fake website.
- Remember that the official LR website will always have the SSL green bar in the browser address bar, any website that is asking for your LR login info and do not have the LR green bar in the address bar its FAKE.

I'm aware of all these tips you provided and we never clicked on any phishing link, yet the LR account was hacked via this API feature and the money was stolen - that was not a case of our account being hacked through some phishing link, but rather, the account was hacked via the API.

LibertyReserve requires 3 types of password to protect your account but when it comes to API they require only one.

arie85 · #43 09-25-2011, 04:11 PM

Quote:

Originally Posted by nanaimogold

Never enable the API unless you know exactly what you are doing.
Don't use scripts that pay out unless you are the superuser of the computer hosting them.

edit- if you want to learn scripting for the API, make a test account and only put a few bucks in it.

It's too late to say that now, but I am still not sure if what you say is relevant as we didn't use any scripts with the API, there is a tool called "Gold Keeper" but it's quite safe.
I am not sure yet how but someone managed to hack the account with API feature and get the funds. The only terrible part in this story is the fact the libertyreserve does nothing to help you.

**HyipBlogger** · #44 09-26-2011, 05:43 AM

arie85,
It is "the only terrible part", that I think is the most troublesome!
Perhaps this is a good thread to post all sorts of precautions for general public, but it seems you pretty much "complied" (so to speak) to them all. The only "clue" you are leaving now is that "gold keeper" software. This is a third party software which has explicit access to your account via API. If this software maker is not someone you drink beer every Friday with in the real world, I think that this may be the path you may want to "explore" in terms of the possible "leak".