Second Update to July 14 Security Announcement from Steemit CEO Ned Scott
After successfully containing the hacker on the evening of July 14, today we temporarily took down Steemit.com to mitigate a DDOS attack. The silver lining is that this timeout allows us to begin implementing an advanced security protocol, which includes the deployment of blockchain-based multi-factor authentication. As the website is being upgraded, all user accounts and tokens are secure.
The Steemit team has been working around the clock to develop state-of-the-art blockchain security protocols and account recovery systems. We have consulted with and hired highly credentialed security experts to help us implement these solutions.
As some of our users have mentioned, the Steem blockchain was never hacked. Likewise, our servers were never hacked. Instead, the hacker exploited browser-side vulnerabilities, a challenge that every Fortune 500 company faces as well. After patching the problem, we are now at work on a new multi-factor authentication solution that would prevent similar attacks from happening again.
Our top priority is protecting you, our users. This process may take a few days, but we operate under the maxim that it is better to be safe than sorry. Steemit will be back up and running soon, and anyone whose accounts were compromised will be reactivated and fully reimbursed.
Thank you for your patience and support. Additional details will be posted here as soon as possible.