Blockchain wallet backup stolen from Hotmail?

[Waramp22]

So i checked my blockchain account and to my astonishment someone took 50% of my bitcoin. Not a huge amount, but still half of my earnings. 1.9 BTC

I had 2FA setup and my IP was locked to my computer, and i was out of town that night and did not receive the "you have logged in" email so i am confident it was not blockchain.info. It was the backup file sitting my my Hotmail account that was the culprit. The reason i left it there was incase my computer crashed or my house burnt down. I felt confident because i made sure it was encrypted, but i guess that wasn't enough. Anyways, when i loaded the backup file to a new blockchain account to drain it, blockchain asked me for 2 passwords. If the thief had the .json file would he have to guess both passwords or just one of them? The 1st password was 13 characters long, and the 2nd was 14.

The only other thing i can think of, is i found a paper wallet version of it in PDF format in my phone that displayed the private key in plain text. I have a picture-password on my phone which is next to impossible to crack and I don't let people use it.

[Newar]

I think it's odd they took only half.

It's possible via the backup file and has happened before. Apparently 2FA does not protect against that attack. Unless you have 2FA on your email account too.

Were your passwords similar to the one you used on hotmail?

[cr1776]

You should move any remaining balance to a new address to be safe ASAP.

[Waramp22]

I think it's odd they took only half.

It's possible via the backup file and has happened before. Apparently 2FA does not protect against that attack. Unless you have 2FA on your email account too.

Were your passwords similar to the one you used on hotmail?

The passwords on my blockchain account were totally different than my email. I did not have 2FA enabled on my email account. Im guessing that because the password on my hotmail has been the same for many years, he either used malware/keylogger from some shitty program i had installed on my computer to captured the password, Or its someone from the dozens of bitcoin sites/pools i have signed up with that knew my email address and tried the same password. I get sick of remembering so many passwords so they end up the same unless its something like blockchain.

How they broke into the backup is beyond me. The password is 13 or 14 characters long. I hadn't logged into the blockchain site for 6 months for fear of keyloggers...


Here is the wallet. (cant find a hosting site to use, my internet at work blocks java or something)
Im hoping it asks for a password when importing to bitcoin.qt
There is 16 cents left in it.

wallet.aes.json

Code:

7mCJu30U6SpAxej55JmtGqD6CGs7v4HGz2n3el/NTs6m5dvuNMLgKGU+hgReVVQHvHFmGEc3mJlFnI0q37KiOf3DJoD1zCK/4ykiBfibdL9t9Yr5NB2c95rbrfwNTMMad7pndTTIxL2GTxoJswy6ksa78ugl3GlapH4RncTxxBZglub2bafaDPgTqy4iMw3XxSxX/sX+EwXrG8niaHCYeXvTofkc74CDsRIxUnM5ziVmDdvd+yJCBuD2yb9gf1Italun4Tk028TFmzU1vZtqNIitwYSK3K37Yf2ACq6k36hGDEULv6RVZR681Obbk6mHG4ROJKTZntms+YJWePVvCg6z7Pnv3OV6kkgikJB065sqioLvQay4xTMUxnoZA9ZnCLuu67Y0dRiFfDLKg771n/w+gokkD9M/r9Vhl0CBHzV9+3T3spsCkC3MwztPAdMragqLsPEk+J2ou/wmKFb/H81N2TjsJFYlNOs2sHzYOKD2tBorBqlDaq1+JGmJFlsKAgZo3QaZM2jdLKNuSOWiJiQ1R+fuSn3PM2ruVmZIGXoDQOWkwgwTgdL2D4YLLR8JsuCWIPVZ/COJ8qbivR5wSqsfOYU70ZPin5hqFND5H1JNUZCgInWOAdo9lTFyCSlOjzXMhsexDvfRjyNZ+17OZB6TDGur4fnaUnZNbXJRz5zaztptcZ1X77y/XtgrZ2gFXvyLyRTF4OJJNEAXU9l160w73m69E6hVQjUHrPDIodgMKKg1OqKpvFYUll7VWlo2OSd/pjId5bvjfP6NHLug3GyQjlmPk/p0vWKOFiOpkTB/ZbHLWHW0LrdKgzAiDfTpYPRYFJtrJd+vG9B4c5gt3tL5OHuRnspM9RZPeU32PkKUI3f4dkJi3SmCOvFKESGU+2mFLgIpRXq7Mn1mWASdww==

[Newar]

[...]The password is 13 or 14 characters long.

Some words combined? Something that could be guessed / combined from accessing all your emails on the hotmail account? Length is not everything, if your password is "JeffersonDrive1616" and that happened to be your address for example.

I get sick of remembering so many passwords so they end up the same unless its something like blockchain.

Have a look at programs like Keepass http://keepass.info/