Found this on the reddit twitter. Cliffs are: If you used myetherwallet to generate a private key on their website while using the Google DNS IP's (8.8.8.8 and 8.8.4.4) your private keys are compromised. Things seems to be back to normal now.
Do not use myetherwallet.com if you're using Google Public DNS (8.8.8.8 / 8.8.4.4) at this moment, it seems these DNS servers are resolving the domain to a bad server that CAN steal your keys!
Invalid certificate:
https://imgur.com/a/bh6p4DQroot@tali:/home/micky# dig @8.8.8.8 myetherwallet.com
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.8.8 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44817 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A
;; ANSWER SECTION: myetherwallet.com. 9641 IN A 46.161.42.42
;; Query time: 7 msec ;; SERVER: 8.8.8.8#53(8.8.8.
;; WHEN: Tue Apr 24 15:48:51 EEST 2018 ;; MSG SIZE rcvd: 62
root@tali:/home/micky# dig @8.8.4.4 myetherwallet.com
; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.4.4 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36179 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A
;; ANSWER SECTION: myetherwallet.com. 9902 IN A 46.161.42.42
;; Query time: 33 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Tue Apr 24 15:50:27 EEST 2018 ;; MSG SIZE rcvd: 62
Always make sure your connection is secure "green" in your browser!
LE: Anyone that got their keys into this has had their funds transferred to
http://etherscan.io/address/0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29Edit2: Google Public DNS is now resolving the correct ips. Keep in mind the ttl of the old records was some 9000 seconds, we can expect some ISP's to cache that for their clients.
Again, please make sure the SSL Connection is always green when you interact with any website.
Just further proof that you should never use these websites.