Steemit experienced hack, theft of user funds, and DDoS attack

 Hundreds of users' accounts compromised and funds stolen. 

 Steemit recently experienced both a hack that resulted in the theft  of users' funds and a distributed denial-of-service (DDoS) attack. Steem is a type of technology that feeds Steemit, a social media  website. Members of Steemit earn Steem Power and Steem Dollars, with one  Steem Dollar equivalent to one United States Dollar, for posting and  curating popular content. On July 14, users of the site began noticing suspicious transactions  on their accounts. For instance, one member by the name of  "dragonslayer109" noticed  US $300 had been transferred from his account to a Bittrex account, an  exchange that allows Steemit users to withdraw their Steem Dollars as  Bitcoins. 

 Steemit's IT teams launched an investigation into those issues and  determined the site had experienced an attack that affected a small  number of users. As Steemit CEO Ned Scott told all Steemers on Thursday: 

"Steemit was today subjected to a cyber attack. In the  attack, fewer than 260 accounts were compromised, and less than $85,000  worth of Steem Dollars and Steem may have been stolen. The hack has now been contained. User accounts and wallets are not at  risk, and we hope to soon reactivate the Steemit website to normal  order. Any users whose accounts were compromised will be completely  reimbursed."

In response to the hack, Steemit notified the FBI and launched "a  full, internal investigation" into the incident. The site also  temporarily suspended members' ability to deposit or withdraw Steem and  Steem dollars. A day later, Scott announced  the site's admins had secured most of the accounts with balances  exceeding $100 and that they were about to institute a password reset  for all users affected by the hack: 

"Within the next 48 hours, Steemit will begin to allow  all newly secured accounts to reset their passwords simply by logging in  with the same Facebook or Reddit credentials that were used to register  in the first place. This easy process will work for the vast majority  of the potentially compromised accounts. All of these account holders  will regain full access to their funds and their original account name."

It was shortly after Steemit made this announcement that it experienced a DDoS attack. As reported by Softpedia,  the site used the attack to update its servers and institute something  called "blockchain-based multi-factor authentication," presumably an  account security feature. Steemit's investigation into this incident is ongoing at this time. If you are a Steemit user, you should change your password regardless  of whether you were affected by the hack. Users should also implement  multi-factor authentication if it is available. (That could very well be  the new "blockchain-based multi-factor authentication" feature.)