Most if not all accounts that were compromised by this @sami100 account were compromised via phishing. Meaning, and to put it bluntly, the fault lies with the people who trusted and clicked the said phishing link and even logged in on the said link.
I for one think that hacking Steem accounts is near-impossible. It is, however, easy for an attacker to gain a Steemian's trust and use that trust to send him malicious files that might contain a keylogger, a phishing link and the like that will enable him to gain access to your account.
If one just remains alert and does not trust any links that someone sends them, then the security of your account is at least guaranteed. Of course, it would also be better for all Steem platforms to inform new users about phishing attempts on Steem, as there are honestly alarmingly many.
Also, for people who mistakenly send their keys in memo transfers (I think it was also @sami100 who scans the entire blockchain for mistakenly posted keys), there used to be a bot called @noblebot which tries to gain access to the account before the attacker gets access to it. For some lucky ones, that bot got access to the account before the attacker did and managed to change the code, to be later given to the original owner.
You might want to check the tool here: https://steemit.com/steem/@noblebot/noblebot-is-introducing-a-new-tool
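
The memo mistake described in the comment above can be caught before a transfer is ever broadcast. The following is an added example, not part of the original comment and not code from @noblebot or any Steem project: a pre-send check that flags a memo containing a checksum-valid private key. It assumes Steem private keys use the uncompressed Bitcoin-style WIF encoding (version byte 0x80, 51 base58 characters); all function names are hypothetical.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Uncompressed WIF keys are 51 base58 characters starting 5H, 5J or 5K.
# The lookahead also finds a key embedded in a longer base58 run.
WIF_CANDIDATE = re.compile(r"(?=(5[HJK][%s]{49}))" % B58)


def _checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by base58check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58decode(text: str) -> bytes:
    num = 0
    for ch in text:
        num = num * 58 + B58.index(ch)
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))  # leading '1' = leading zero byte
    return b"\x00" * pad + body


def b58encode(data: bytes) -> str:
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def is_wif_private_key(token: str) -> bool:
    """True only if the token decodes to 0x80 + 32 key bytes + valid checksum."""
    raw = b58decode(token)
    return len(raw) == 37 and raw[0] == 0x80 and _checksum(raw[:33]) == raw[33:]


def memo_leaks_key(memo: str) -> bool:
    """Wallet-side guard: refuse to send a memo for which this returns True."""
    return any(is_wif_private_key(m.group(1)) for m in WIF_CANDIDATE.finditer(memo))


def make_constructed_wif() -> str:
    """Sample input only: encodes the bytes 01..20, not a real account key."""
    payload = b"\x80" + bytes(range(1, 33))
    return b58encode(payload + _checksum(payload))
```

Verifying the checksum rather than matching on length alone keeps ordinary 51-character strings from triggering the warning.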