You are viewing a single comment's thread from:
RE: Important Security Announcement: Steemit CEO Ned Scott
Yea, I was thinking something along these lines as well. XSS to grab a js token. I haven't looked into the site code, but I seriously hope they're not using js tokens and are instead using http only cookies.