Steemit experienced hack, theft of user funds, and DDoS attack

in #steemit8 years ago

 Hundreds of users' accounts compromised and funds stolen. 

 Steemit recently experienced both a hack that resulted in the theft  of users' funds and a distributed denial-of-service (DDoS) attack. Steem is a type of technology that feeds Steemit, a social media  website. Members of Steemit earn Steem Power and Steem Dollars, with one  Steem Dollar equivalent to one United States Dollar, for posting and  curating popular content. On July 14, users of the site began noticing suspicious transactions  on their accounts. For instance, one member by the name of  "dragonslayer109" noticed  US $300 had been transferred from his account to a Bittrex account, an  exchange that allows Steemit users to withdraw their Steem Dollars as  Bitcoins. 

 Steemit's IT teams launched an investigation into those issues and  determined the site had experienced an attack that affected a small  number of users. As Steemit CEO Ned Scott told all Steemers on Thursday: 

"Steemit was today subjected to a cyber attack. In the  attack, fewer than 260 accounts were compromised, and less than $85,000  worth of Steem Dollars and Steem may have been stolen. The hack has now been contained. User accounts and wallets are not at  risk, and we hope to soon reactivate the Steemit website to normal  order. Any users whose accounts were compromised will be completely  reimbursed."

In response to the hack, Steemit notified the FBI and launched "a  full, internal investigation" into the incident. The site also  temporarily suspended members' ability to deposit or withdraw Steem and  Steem dollars. A day later, Scott announced  the site's admins had secured most of the accounts with balances  exceeding $100 and that they were about to institute a password reset  for all users affected by the hack: 

"Within the next 48 hours, Steemit will begin to allow  all newly secured accounts to reset their passwords simply by logging in  with the same Facebook or Reddit credentials that were used to register  in the first place. This easy process will work for the vast majority  of the potentially compromised accounts. All of these account holders  will regain full access to their funds and their original account name."

It was shortly after Steemit made this announcement that it experienced a DDoS attack. As reported by Softpedia,  the site used the attack to update its servers and institute something  called "blockchain-based multi-factor authentication," presumably an  account security feature. Steemit's investigation into this incident is ongoing at this time. If you are a Steemit user, you should change your password regardless  of whether you were affected by the hack. Users should also implement  multi-factor authentication if it is available. (That could very well be  the new "blockchain-based multi-factor authentication" feature.) 

Sort:  

Congratulations @nghiaho! You have received a personal award!

Happy Birthday - 1 Year
Click on the badge to view your own Board of Honor on SteemitBoard.

For more information about this award, click here

By upvoting this notification, you can help all Steemit users. Learn how here!

Nice post! I will follow you from now on.

Congratulations @nghiaho! You have received a personal award!

2 Years on Steemit
Click on the badge to view your Board of Honor.

Do not miss the last post from @steemitboard:
SteemitBoard World Cup Contest - Semi Finals - Day 1


Participate in the SteemitBoard World Cup Contest!
Collect World Cup badges and win free SBD
Support the Gold Sponsors of the contest: @good-karma and @lukestokes


Do you like SteemitBoard's project? Then Vote for its witness and get one more award!

Congratulations @nghiaho! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 3 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!