In a recent attack on Utopian services, flaws in our system were exploited, allowing for full disruption of one of our main production servers and partial loss of data.
Rewards from this post will be donated to Busy.org / SteemConnect for their help in stopping the attack.
The attack started yesterday. It was initially identified as a service disruption only, but it appears that wasn’t the case.
- Our main production server was completely erased.
- Our CDN, which contained files and backups, was erased.
- SteemConnect tokens were leaked from our DB and were used today to bulk downvote/upvote random posts.
NO WALLETS OR KEYS WERE COMPROMISED OR WERE EVER IN DANGER OF BEING COMPROMISED DURING THE ATTACK.
The incident was resolved and all the tokens were permanently revoked.
Were my wallet or private keys compromised?
No. No private data was leaked and your wallet was not at risk at any point.
What can one do with a SteemConnect token?
Only basic actions like posting and voting, but never transfers of funds, delegations etc.
Can this happen again if I use SteemConnect to log in to another app?
The Utopian application database was leaked due to a successful hacking attempt on company servers. The leak was not caused by any security issue in SteemConnect and you are totally safe to use SteemConnect in the future.
For more information: https://firstname.lastname@example.org/automated-votes-abuse-on-steemconnect
Do I have to change my password?
No passwords or keys are stored by SteemConnect or Utopian. This attack does not demand you change your keys or passwords.
Is the issue over? Can my account be misused to vote on random posts?
Yes, the issue was resolved and existing SteemConnect tokens were revoked. No other operations can be broadcast with the leaked tokens.
Is the hacker or hackers responsible being traced?
We are making efforts to trace and investigate the source of the attack and are checking all possible leads. Working in cooperation with the team at SteemConnect and our hosting service providers, and making use of all available forensic tools, we hope to pinpoint the source of the leak and take legal action against the perpetrator.
To ensure your account was not misused, and to undo whatever actions were taken with the use of your token, please go to https://steemd.com/@youraccount and check if any vote was broadcast without your consent. If so, please revert the vote/downvote.
Within the next few days, we will publish interim guidelines on contributing to Utopian while we restore normal operations.
We thank you for your patience and continued support and apologize for any inconvenience caused.