How a script weakness in’s password reset page cost Partap Davis $3000

5 03 2015

The Verge has posted an article of Partap Davis who lost his money being hacked overnight.

While he slept, an attacker undid every online security protection he set up. By the time he woke up, most of his online life had been compromised: two email accounts, his phone, his Twitter, his two-factor authenticator, and most importantly, his bitcoin wallets.

All of those accounts got hacked primarily because his main email address in was taken by the online perpetrator.

For simplicity’s sake, we’ll call her Eve.

How did Eve get in? We can’t say for sure, but it’s likely that she used a script to target a weakness in’s password reset page. We know such a script existed. For months, users on the site Hackforum had been selling access to a script that reset specific account passwords on It was an old exploit by the time Davis was targeted, and the going rate was $5 per account. It’s unclear how the exploit worked and whether it has been closed in the months since, but it did exactly what Eve needed. Without any authentication, she was able to reset Davis’ password to a string of characters that only she knew.

Read the full article here:




2 responses

7 04 2016

Come plcay with me and all my toys.My new profile

29 06 2018
free bitcoin faucet 2017

buy btc online Instantly

How a script weakness in’s password reset page cost Partap Davis $3000 | ivo

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: