Financial Services // Australia
Inputs.io -- which touted itself as the most secure online wallet for the virtual crypto-currency -- admitted that attackers broke into the service twice, pocketing 4,100 bitcoin.
The hackers got into the host account by compromising old email accounts that were easy to reset. And, because of a software bug, they were able to sidestep two-factor authentication.
“Database access was also obtained, however passwords are securely stored and are hashed on the client,” the service’s homepage stated.
On a forum called Bitcointalk, user “TradeFortress,” the purported owner of inputs.io, said that he is attempting to issue partial refunds to individuals that lost money, but that he does not personally own enough bitcoin to fully reimburse everyone. Kaspersky Lab noted that TradeFortress appears to have learned a key lesson, offering the following advice to other users in the forum:
“I don’t recommend storing any Bitcoins accessible on computers connected to the internet.”
ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.