You may have seen @ aggroed's post from yesterday, creating awareness among steemians that there is someone out there posing as steem-engine.com, but using a similar domain name. I resteemed it as well.
The phisher asks for your private keys on the fake steem engine site. Don't enter your private keys on this steemengine dot net site!
There were also two reports by @spaminator about thousands of accounts compromised by a botnet and blacklisted by @ spaminator. They provide the instructions what to do, if you are on the list of affected accounts.
That looked like a Friday 13th, indeed!
I hope people will pay attention and those affected will soon get their accounts back in order!
But on this subject I have one important question (important in my mind at least), for which I didn't find an answer yet.
How can one change the recovery account?
First of all what is the recovery account and where can you find which is it?
The recovery account is another Steem account which is able to initiate the recovery of your account, in case you solicit it after your account has been compromised. For the recovery to be possible, you often need to go through a process. On Steemit, Inc. you need to send them a recent password for your account, used no longer than 30 days ago. More information will be required to determine that you are the rightful owner.
Where can you find which is the recovery account for your account?
One way to find out which is your recovery account is to look in steemd (i.e steemd.com/@yourusername)
In my case for my main account it says it's @steem, meaning Steemit, Inc.
Why would anyone want to change the recovery account?
Even if it's sometimes called the trustee, it's not a matter of trusting that account owner with your account, as they can't do anything without your help, since you are the owner.
But there is a case where this matters: what if the recovery account holder becomes inactive or otherwise unreachable and your account is compromised? How do you recover your account then?
That becomes and will be even more of an issue, the more accounts are created by regular users who claimed account tickets using their unused resource credits and use them to create accounts for others.
When they create an account using their available tickets, they are set by default as the "recovery account". A responsibility maybe they didn't know they have, didn't ask for and don't want.
Some may become inactive over time or will be unreachable when someone needs them to recover their account. Then there's a problem.
I know there is a way to change the recovery account. I just didn't find out how yet. It would be a great idea if someone would share some light on this issue. Either by commenting here, or better yet, by implementing the necessary feature in a high-profile interface/tool.
I see @steemchiller has a nice account recovery tool on SteemWorld. Maybe a way to change the recovery account can be included, if or when he can.
EDIT: @ steemchiller answered almost immediately: see how you can change the recovery account in his comment below. Obviously, you can use SteemWorld, I just missed it and looked elsewhere. :)
Also, maybe there should be an automated procedure to change inactive recovery accounts to others still active and which have performed at least one account recovery recently (not sure how long "recently" should be).