Steemit experienced hack, theft of user funds, and DDoS attack
Hundreds of users' accounts compromised and funds stolen.
Steemit recently experienced both a hack that resulted in the theft of users' funds and a distributed denial-of-service (DDoS) attack. Steem is a type of technology that feeds Steemit, a social media website. Members of Steemit earn Steem Power and Steem Dollars, with one Steem Dollar equivalent to one United States Dollar, for posting and curating popular content. On July 14, users of the site began noticing suspicious transactions on their accounts. For instance, one member by the name of "dragonslayer109" noticed US $300 had been transferred from his account to a Bittrex account, an exchange that allows Steemit users to withdraw their Steem Dollars as Bitcoins.
Steemit's IT teams launched an investigation into those issues and determined the site had experienced an attack that affected a small number of users. As Steemit CEO Ned Scott told all Steemers on Thursday:
"Steemit was today subjected to a cyber attack. In the attack, fewer than 260 accounts were compromised, and less than $85,000 worth of Steem Dollars and Steem may have been stolen. The hack has now been contained. User accounts and wallets are not at risk, and we hope to soon reactivate the Steemit website to normal order. Any users whose accounts were compromised will be completely reimbursed."
In response to the hack, Steemit notified the FBI and launched "a full, internal investigation" into the incident. The site also temporarily suspended members' ability to deposit or withdraw Steem and Steem dollars. A day later, Scott announced the site's admins had secured most of the accounts with balances exceeding $100 and that they were about to institute a password reset for all users affected by the hack:
"Within the next 48 hours, Steemit will begin to allow all newly secured accounts to reset their passwords simply by logging in with the same Facebook or Reddit credentials that were used to register in the first place. This easy process will work for the vast majority of the potentially compromised accounts. All of these account holders will regain full access to their funds and their original account name."
It was shortly after Steemit made this announcement that it experienced a DDoS attack. As reported by Softpedia, the site used the attack to update its servers and institute something called "blockchain-based multi-factor authentication," presumably an account security feature. Steemit's investigation into this incident is ongoing at this time. If you are a Steemit user, you should change your password regardless of whether you were affected by the hack. Users should also implement multi-factor authentication if it is available. (That could very well be the new "blockchain-based multi-factor authentication" feature.)
Congratulations @nghiaho! You have received a personal award!
Happy Birthday - 1 Year
Click on the badge to view your own Board of Honor on SteemitBoard.
For more information about this award, click here
Nice post! I will follow you from now on.
Congratulations @nghiaho! You have received a personal award!
2 Years on Steemit
Click on the badge to view your Board of Honor.
Do not miss the last post from @steemitboard:
SteemitBoard World Cup Contest - Semi Finals - Day 1
Participate in the SteemitBoard World Cup Contest!
Collect World Cup badges and win free SBD
Support the Gold Sponsors of the contest: @good-karma and @lukestokes
Congratulations @nghiaho! You received a personal award!
You can view your badges on your Steem Board and compare to others on the Steem Ranking
Vote for @Steemitboard as a witness to get one more award and increased upvotes!