For example, there have been several reports of users losing their funds after using Blockchain.info through the Tor network. In response, the company temporarily blocked all Tor exit nodes, and then started using HSTS as well as providing a dedicated Tor onion address to its Tor population. Blockchain.info was the second company in the world, after Facebook, to receive an SSL certificate for their .onion address.
Private Key Generation Affected, Issue Detected and Resolved
Now Blockchain.info has released a new security disclosure and update:
“When making a scheduled software update overnight to our web-wallet, our development team inadvertently affected a part of our software that ensures private keys are generated in a strong and secure manner.
The issue was present for a brief period of time between the hours of 12:00am and 2:30am GMT on December the 8th 2014. The issue was detected quickly and immediately resolved. In total, this issue affected less than 0.0002% of our user base and was limited to a few hundred addresses.
We have sent an alert to all users who have potentially vulnerable addresses in their wallets, for which we have an email on file. We are committed to working with any affected users to assess and rectify any issues.
If you created a wallet, generated a new address via Blockchain.info’s web-wallet, or sent bitcoin from your wallet during this time period and have not provided us with your email address, please contact our support desk at [email protected] or simply create a new wallet.
Addresses, wallets and transactions created via the Blockchain.info iOS and Android apps, and the Chrome extension are not affected.”
What do you think of this security disclosure and update from Blockchain.info? Comment below!
Images from Blockchain and Shutterstock.