If you haven’t already read my cousin @noisy’s post about hacking Steemit accounts...
First of all - I’m not even a programmer.
We found out about human-made errors in transfer memos. Some users put their passwords in the public field, so anyone could just “hack” their accounts without any hacking skills. Some of those users entered their passwords by mistake and noticed those mistakes. But others... well... they didn’t. Until today their passwords were there in the open.
We found only 9 working passwords and we changed them. But look when they were published:
Reaction time | Passwords |
---|---|
< 1 week | 1 |
< 1 month | 1 |
< 6 months | 5 |
< 1 year | 2 |
But there is more to it.
We know from experience that passwords begin with P and have 52 or more random characters/numbers. When we searched the memo database we found 28 of those passwords! Some of them were already changed, but we can’t be 100% sure that they weren’t changed by someone else. And I suppose there are a lot of non-generated passwords that were changed already. We will never find out.
Here is the known list:
User | Password published | Password changed |
---|---|---|
@anggicitrayani | 2017-05-06 04:12:24 | 2017-05-09 04:07:00 |
@anwen-meditates | 2016-07-25 04:22:33 | 2017-06-07 13:10:51 |
@aubreyfox | 2017-01-21 14:52:09 | 2017-06-07 13:14:54 |
@blacktiger | 2017-05-10 14:55:48 | 2017-06-07 13:14:30 |
@christoryan | 2017-03-28 09:19:54 | 2017-04-09 02:08:18 |
@crazymumzysa | 2017-02-04 11:07:15 | 2017-02-04 11:09:51 |
@dunja | 2017-02-20 01:11:51 | 2017-06-07 13:10:00 |
@elewarne | 2016-10-29 13:07:09 | 2016-10-29 13:43:33 |
@hansolo | 2017-02-25 14:03:36 | 2017-02-25 14:24:27 |
@hpns0110 | 2017-06-05 14:33:24 | 2017-06-05 14:43:06 |
@jakethedog | 2017-03-21 22:16:03 | 2017-06-07 13:10:54 |
@loveofprofit | 2016-09-12 22:55:18 | 2017-05-31 17:55:27 |
@marszum | 2017-05-20 16:56:18 | 2017-05-21 22:48:03 |
@me-tarzan | 2017-02-12 19:05:12 | 2017-02-15 13:54:33 |
@miketr | 2016-07-30 13:28:09 | 2017-06-07 13:13:24 |
@quetzal | 2017-06-04 10:47:03 | 2017-06-07 13:14:36 |
@ricardoguthrie | 2017-04-25 23:36:18 | 2017-05-14 19:30:06 |
@riskdebonair | 2017-05-29 18:12:36 | 2017-05-29 18:15:03 |
@streetartgallery | 2016-11-01 19:40:48 | 2016-11-01 19:46:24 |
@t3ran13 | 2016-08-16 19:28:48 | 2016-08-17 05:38:24 |
@technology | 2016-08-15 15:42:18 | 2016-08-15 23:50:57 |
@tieuthuong | 2017-03-19 01:44:18 | 2017-06-07 13:14:42 |
@uiaslout | 2017-05-11 17:15:03 | 2017-05-15 04:57:06 |
@virtualgrowth | 2016-10-24 19:10:06 | 2016-10-26 04:49:06 |
@virtualgrowth | 2016-12-06 19:08:45 | 2017-06-07 13:00:33 |
@voiceover | 2017-03-25 17:03:00 | 2017-03-29 23:14:48 |
@xcigar | 2017-06-03 23:18:00 | 2017-06-03 23:21:33 |
@zer0hedge | 2017-06-03 02:24:48 | 2017-06-03 02:25:24 |
Let’s sort it by the reaction time until the password was changed.
User | Reaction time | Our action |
---|---|---|
@zer0hedge | 36 s | no |
@riskdebonair | 2 min 27 s | no |
@crazymumzysa | 2 min 36 s | no |
@xcigar | 3 min 33 s | no |
@streetartgallery | 5 min 36 s | no |
@hpns0110 | 9 min 42 s | no |
@hansolo | 20 min 51 s | no |
@elewarne | 36 min 24 s | no |
@technology | 8 h 8 min 39 s | no |
@t3ran13 | 10 h 9 min 36 s | no |
@marszum | 1 d 5 h 51 min 45 s | no |
@virtualgrowth | 1 d 9 h 39 min 0 s | no |
@me-tarzan | 2 d 18 h 49 min 21 s | no |
@anggicitrayani | 2 d 23 h 54 min 36 s | no |
@quetzal | 3 d 2 h 27 min 33 s | YES! |
@uiaslout | 3 d 11 h 42 min 3 s | no |
@voiceover | 4 d 6 h 11 min 48 s | no |
@christoryan | 11 d 16 h 48 min 24 s | no |
@ricardoguthrie | 18 d 19 h 53 min 48 s | no |
@blacktiger | 27 d 22 h 18 min 42 s | YES! |
@jakethedog | 77 d 14 h 54 min 51 s | YES! |
@tieuthuong | 80 d 11 h 30 min 24 s | YES! |
@dunja | 107 d 11 h 58 min 9 s | YES! |
@aubreyfox | 136 d 22 h 22 min 45 s | YES! |
@virtualgrowth | 182 d 17 h 51 min 48 s | YES! |
@loveofprofit | 260 d 19 h 0 min 9 s | no |
@miketr | 311 d 23 h 45 min 15 s | YES! |
@anwen-meditates | 317 d 8 h 48 min 18 s | YES! |
When we compress it a little:
Reaction time | Passwords |
---|---|
< 5 minutes | 4 |
< 10 minutes | 2 |
< 1 hour | 2 |
< 1 day | 2 |
< 1 week | 7 |
< 1 month | 3 |
< 6 months | 5 |
< 1 year | 3 |
And finally, when it is turned into a graph with days on the bottom axis:
CONCLUSION!
Be careful! This data can be found by anyone and it’s still out there in the open! Think twice when posting a memo during a transfer!
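
The advice above can be enforced in a wallet before a transfer is broadcast. The following check is an added example, not code from this post or from Steemit: it flags a memo containing a token that matches the heuristic described earlier (starts with P, 52 or more letters/digits), a WIF-style private key (an assumption beyond the post), or one of the sender's own secrets. `checkMemo`, `ownSecrets` and all sample strings are hypothetical and constructed.

```javascript
// Added example: pre-send memo check (not Steemit's own code).
// Base58 alphabet used by WIF-encoded private keys (no 0, O, I, l).
const BASE58 = /^[1-9A-HJ-NP-Za-km-z]+$/;

// Heuristic from the post: generated passwords begin with "P" and are long.
// Assumption: "52 or more" is read as a total token length of at least 52.
function looksLikeGeneratedPassword(token) {
  return token.length >= 52 && token[0] === 'P';
}

// Assumption beyond the post: a WIF private key is 51 base58 chars starting with "5".
function looksLikeWifKey(token) {
  return token.length === 51 && token[0] === '5' && BASE58.test(token);
}

// Never echo the secret back into logs or UI; show only a hint.
function redact(token) {
  return token.slice(0, 2) + '...(' + token.length + ' chars)';
}

// ownSecrets (hypothetical parameter): secrets the wallet already holds locally,
// which also catches passwords the user chose themselves.
function checkMemo(memo, ownSecrets = []) {
  const findings = [];
  for (const secret of ownSecrets) {
    if (secret && memo.includes(secret)) {
      findings.push({ reason: 'memo contains one of your own secrets', token: redact(secret) });
    }
  }
  // Split on anything that is not a letter or digit, so every token is alphanumeric.
  for (const token of memo.split(/[^A-Za-z0-9]+/).filter(Boolean)) {
    if (looksLikeGeneratedPassword(token)) {
      findings.push({ reason: 'looks like a generated password', token: redact(token) });
    } else if (looksLikeWifKey(token)) {
      findings.push({ reason: 'looks like a WIF private key', token: redact(token) });
    }
  }
  return { safeToSend: findings.length === 0, findings };
}

// Constructed sample values, not real credentials.
const FAKE_PASSWORD = 'P' + 'x7Kq'.repeat(13);     // 53 chars
const FAKE_WIF = '5' + 'Hk3J'.repeat(12) + 'ab';   // 51 chars
console.log(checkMemo('oops ' + FAKE_PASSWORD));
console.log(checkMemo('payment for invoice 1042'));
```

A wallet would call `checkMemo` on the memo field and refuse to sign the transfer while `safeToSend` is false.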