Don't use a centralized exchange. Don't use a hosted online wallet. Any centralized source of a large amount of BTC/XBT or any other currency thereof is simply going to be a target, no matter what. Anybody that claims they are 100% secure should be put into question. 0days are very real.
If you would like to use an "online" wallet, use Blockchain.info.
If only someone told you the difference between an online exchange and online wallet. Tell me again how I shouldn't use a centralized exchange but should use blockchain.info to... buy Bitcoin?
I was told, to my surprise, by a couple of Bitcoin developers just the other day that they aren't to be trusted either. Apparently they are known shady.
I don't know how blockchain.info actually works. If you give them your decryption key at any point, even if they claim not to keep it, then you're heavily relying on trusting them and that's not much better than the other web wallet alternatives, I agree.
To expand upon this because I think it's interesting and not something that everyone appears to understand with how the blockchain works: those are effectively the same. Everyone's coins are distributed across the entire Bitcoin network, and everyone who has a copy of the blockchain has everyone's coins, but only those who hold the corresponding private keys for each address (public key) the coins belong to can use them. So if you don't control the private keys to your coins, you don't control the coins.
We really need more transparency in Bitcoin exchanges, and this needs to come from within the community. The days of 'playing around' are gone, this is serious business now. Industry leaders should at least form a consortium that handles these kinds of issues and at least does an audit of funds. In addition, exchanges should prove they have the said funds. It's a public ledger folks, we need to demand more openness and honesty.
What does regulation have to do with what I wrote? Do you know you can demand things as a consumer? As a group? As a community? As a market participant?
Target 'leaked' 70m+ credit card details and there was no regulation that would have forced them to disclose it. But yeah, let's make all the regulation in the world for Bitcoin exchanges, because, you know ...
Are you being pedantic about forcing them or are you unaware that most U.S. states have notification laws that apply when a data breach involves personal information?
Yep. Fun fact: libertarians don't want the world to be the wild wild west forever. We believe in regulations and oversight, we just think it need not be at gunpoint. Hopefully the Bitcoin industry gets to it before the government does and we'll find out how it compares.