Board: Service Discussion
Topic: Re: CoinLenders, Inputs.io, Tradefortress (HACK)
Post by DumbFruit on 17/11/2013, 02:36:03 UTC
Quote from: TradeFortress
Oct 23rd PST time (24th Aus time). A second hack occurred on Oct 26th (the other 160 BTC).

The compromise was done through compromising multiple of my old email addresses in a chain (compromise one which was the recovery email for another), which led them to lailai625@hotmail.com which received emails forwarded from admin@glados.cc. The attacker was able to reset Linode and Apis networks passwords. Email forwarding was disabled on the 26th (PST, 27th Aus).

I've already posted login logs for Linode on bitcointalk; I've attached logins for apisnetworks which were also reset.

5: Yes, to Linode manager. The attacker on Oct 26th used Lish to skip Linode manager and directly shell into the Linode, bypassing 2FA on the manager.

4: The incomplete logs were obtained through lish logview's buffer. The attacker installed mc (midnight commander) and used it to transfer files containing credentials via FTP to 0;15Hd@mastersearching.com:mercedes49@69.85.88.31. From the midnight commander view, the remote server also has another bit.php file not from Inputs. I speculate that this is taken from another service.

3: I do not see where I have access to Linode password reset logs. I've sent a support ticket to Linode requesting such, and authorizing them to provide it to anyone who asks. Ticket ID 2560514.

It's a lot to digest... I'll update my opening post tomorrow.