Steemit.com was the subject of a successful hack attack yesterday, which saw some client data compromised and some Steem Dollars stolen, although after a very hectic few hours the company seems to have the situation in hand.
The following two statements were issues by the company at the beginning, and then the conclusion (assuming it is over) of the attack.
Official Statement (#1) from Steemit CEO Ned Scott
Steemit was today subjected to a cyber attack. In the attack, fewer than 260 accounts were compromised, and less than $85,000 worth of Steem Dollars and Steem may have been stolen.
The hack has now been contained. User accounts and wallets are not at risk, and we hope to soon reactivate the Steemit website to normal order. Any users whose accounts were compromised will be completely reimbursed.
Though only a relatively small amount of Steem was stolen, we take any form of criminal activity against our community extremely seriously. We have reported the hack to police and other cyber crime authorities, including the FBI. A full, internal investigation is currently being conducted and we are working on an immediate solution.
Partner exchange Bittrex was informed of the compromise and is actively helping the investigation. As a precaution, they have temporarily suspended the ability to deposit or withdrawal Steem and Steem Dollars from their exchange. The suspension will be lifted as soon as possible.
Thank you all for joining us on Steemit. We apologize for the temporary disruption of services and look forward to resuming operation of our social network.
Regular updates will be provided here on Steemit.com
(Statement #2) First Update to July 14 Security Announcement from Steemit CEO Ned Scott
After conducting further analysis and following hack containment procedures, Steemit has been able to narrow the potential number of compromised accounts. We can now announce that in the past few hours, the Steemit team has been able to coordinate with elected witnesses to secure potentially compromised accounts with balances exceeding $100 US. As a result, we can ensure these accounts are restored to their rightful owners. This process has been completed.
Within the next 48 hours, Steemit will begin to allow all newly secured accounts to reset their passwords simply by logging in with the same Facebook or Reddit credentials that were used to register in the first place. This easy process will work for the vast majority of the potentially compromised accounts. All of these account holders will regain full access to their funds and their original account name.
If your user account was not created through Facebook or Reddit, Steemit asks that you contact our support team at [email protected] We will be able to provide you an alternate solution. If you have any additional concerns about your account, please contact our support team as well.
The Bittrex team is completing analysis of our wallet. Once it has passed their rigorous compliance checks, they will reopen the wallet for deposits and withdrawals.
To all Steemit users: if you have not done so already, please reset your account passwords. We ask this to ensure that everyone’s account is secure. Remember that each account has 3 keys: an Owner Key, an Active Key, and a Posting Key. We recommend following best security practices by choosing unique passwords for each of these keys. This will allow you to safely use steemit.com with your Posting password.
As mentioned earlier, any Steem or Steem Dollars stolen from compromised accounts will be fully refunded by Steemit.
Thank you all for your patience and support through this process and for your wonderful contributions to Steemit.