-----BEGIN PGP SIGNED MESSAGE-----
Two hacks totalling about 4100 BTC have left Inputs.io unable to pay all user balances. The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset). The attacker was able to bypass 2FA due to a flaw on the server host side.
Database access was also obtained, however passwords are securely stored and are hashed on the client. Bitcoin backend code were transferred to 10;[email protected]:[email protected] (most likely another compromised server).
What about my coins there? If you stored more than 1 BTC, send an email to [email protected] with a Bitcoin address (preferably, an offline, open source light/SPV wallet like Multibit or Electrum). Use the same email you’re using on Inputs. Please don’t store Bitcoins on an internet connected device, regardless of it is your own or a service’s.
I know this doesn’t mean much, but I’m sorry, and saying that I’m very sad that this happened is an understatement.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----