So, interesting development this morning. I shut down the wallet I had with blockchain.info yesterday after it was potentially compromised and decided to just start with a fresh new wallet hosted there. Very strong password, different identifier. Java not installed on my machine and scanned for malware.
Received this this morning -- from blockchain.info notification:
Authorize log-in attempt
An attempt to login to your blockchain.info wallet was made from an unknown browser. Please confirm the following details are correct:
Time: 2013-04-27 07:17:42
IP Address: 77.109.138.42 (Switzerland)
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.
Gecko/20051111 Firefox/1.5
If the above details are correct please use the following login link:
https://blockchain.info/wallet/[blocked out for obvious reasons]
If this login attempt was made by you this email can be safely ignored however you may wish to change your wallet alias.
and this...
An attempt to login to your blockchain.info wallet was made from an unknown browser. Please confirm the following details are correct:
Time: 2013-04-27 08:38:09
IP Address: 5.9.121.38 (Germany)
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.
Gecko/20051111 Firefox/1.5
If the above details are correct please use the following login link:
https://blockchain.info/wallet/[blocked out for obvious reasons]
If this login attempt was made by you this email can be safely ignored however you may wish to change your wallet alias.
Apparently there is still some sort of malware out there attempting to hack the blockchain.info service. Machine was clean when I set this new wallet up, only way I think they could've possibly found the address is through scanning potential aliases. Admittedly, my alias is a plain word so possible they could've just tried brute force finding an alias that would lead them to identifier and tried to log in from there. Otherwise, can't imagine how they would've gotten it. Just a lead for PIUK to follow if he's interested in trying to button up security on the site.