Threatwatch

Bitcoin storage service shortchanged $1.2 million by hackers

Password cracking; Software vulnerability

Inputs.io -- which touted itself as the most secure online wallet for the virtual crypto-currency -- admitted that attackers broke into the service twice, pocketing 4,100 bitcoin.

The hackers got into the host account by compromising old email accounts that were easy to reset. And, because of a software bug, they were able to sidestep two-factor authentication.

“Database access was also obtained, however passwords are securely stored and are hashed on the client,” the service’s homepage stated.

On a forum called Bitcointalk, user “TradeFortress,” the purported owner of inputs.io, said that he is attempting to issue partial refunds to individuals that lost money, but that he does not personally own enough bitcoin to fully reimburse everyone. Kaspersky Lab noted that TradeFortress appears to have learned a key lesson, offering the following advice to other users in the forum:

“I don’t recommend storing any Bitcoins accessible on computers connected to the internet.”

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.

sector

Financial Services

reported

November 8, 2013

reported by

Kaspersky Lab

number affected

Unknown

location of breach

Australia

perpetrators

Criminals

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

Unknown