You are viewing a single comment's thread from:

RE: Important Security Announcement: Steemit CEO Ned Scott

in #steemit8 years ago

Do you know how the attacker got in? I assume they altered the javascript to exfil private keys, yes? How do you know how many accounts were compromised? It might be wise to cycle everyone's keys at this point. I'll definitely be updating my posting key.

Sort:  

Yea, I was thinking something along these lines as well. XSS to grab a js token. I haven't looked into the site code, but I seriously hope they're not using js tokens and are instead using http only cookies.

At least is now been compromised, and from this experience Steem will up lift there security. Lesson learn.

Coin Marketplace

STEEM 0.15
TRX 0.16
JST 0.028
BTC 67340.80
ETH 2419.68
USDT 1.00
SBD 2.35