In the past i wrote of how it was easy to lose out on your password or active keys, by inadvertently leaving it on the bare steem blockchain as a memo, while doing steem wallet transactions.
I was able to spot this 2 months ago and thought a post will be sufficient to get the word out as i am not entirely techy, and i did the above post.
Steemit is letting me peer into more and more things! I have started to learn some coding fundamentals.
In the post above, i was also able to propose multiple solutions.
Recently, this was also caught up on by more techy steemians. Basically, they were able to write a script to monitor what happens in our steem wallet area and were able to catch "around 11 steemit accounts" that laid bare enough details in their memo to give others full control of their accounts. Being amazing steemians though, they instantly worked on informing the community of their find and their fix. Their primary fix ofcourse, was to change the passwords of these steemians to safeguard their accounts from possible compromise.
We just hacked 11 accounts on Steemit! ~$21 749 in STEEM and SBD is under our control. But we are good guys 😇 So...
A very smart security measure on their part as well was that, they weren't going to contact any of these steemians via steemit.chat or discord urls and they left all news about this in their post.
Earlier today, i was contacted by a steemian who said he/her has can't gain access into his/her account and he/she was looking for remedies because his/her password has been changed by an unauthorized user and the first i did was to visit the post mentioned earlier to see if her username is on the list!
It wasn't there!
So next i went to visit Steemd and his/her steem wallet transactions, to see if there was any glimpse of an active key or password.
It was all clean!
Recognizing Steemit Keys
You will easily notice that on steemit, many passwords start with the word "P" and contains a 52-character-long alphanumeric string .
Hint: A steemit password wouldn't contain 0 (Zero), O (Capital o), I (Capital i) and l (Lower case L) characters!
Steemit active keys usually start with the numeral "5".
What When Your Password Has Been Compromised?
You should go to: https://steemit.com/recover_account_step_1
It is apparent that the real owner of a steem account, still has the option of recovering his account, for up to 30 days after it got stolen (the password has been changed by an unauthorized user).
Assuming you are using the "recover account" url above; this is a part that don't fully understand and hopefully, we get help in the comments:
Stolen Account Recovery can only be used on steemit.com if the account owner had perviously listed ‘Steemit’ as their account trustee and complied with Steemit’s Terms of Service.
16 Days Past Since You Lost Your Passwords. "Recover Them".
@dunja @anwen-meditates @aubreyfox @tieuthuong @quetzal @blacktiger @miketr @jakethedog; incase you missed out on this post, this is a small means of reminding you that you can still recover your passwords as it is still only 16 days past since the post written by developers on this finding and you will not be contacted in chat due to security reasons
Use this link:
https://steemit.com/recover_account_step_1
If you want to check if any of your keys may be laying on the steem blockchain in public, you can find a list & a script here that will help:
We just hacked 11 accounts on Steemit! ~$21 749 in STEEM and SBD is under our control. But we are good guys 😇 So...
Your boy Terry
JOIN ME
Let's form one strong beautiful empire of steemians who truly love one another!
Discord - TheAmazingTeam
or