View this post on Hive: @r0nd0n Saves the Day - Again!
I couldn't have done it without @drakos and @ausbitbank. Stay safe out there, them streets are rough.
Posted using Partiko Android
Do you know how?
Phished, I suspect.
Curated for #informationwar (by @wakeupnd)
Can you please elaborate on the hack? This account I was given has been upvoting posts that I never upvoted. Was not sure if I was hacked as well. I checked Steem Auto and the slate is clean there. No auto votes, or trails whatsoever.
At any rate if you don't mind explaining I would be interested in learning more about what happened. Thanks.
Back in April someone accidentally posted their Owner key and their account was taken over. That account has somehow phished me, apparently by making a clone page of Steemconnect, and a page that appeared to be a post that directed me to sign in using my key.
Once they had my key, they got my liquid tokens, and there they sit. Because of @r0nd0n's help, I was able to stop the powerdown of my SP they initiated.
Note: I was not able to post, comment, or vote for a couple days, and thought it was just Steempeak acting up. Instead my keys had been changed, and had I acted quickly, I might have prevented the loss of all my liquid tokens.
Your account casting votes you did not indicates your account may be being accessed by another party.
You should change your keys immediately, so that the account cannot be used by anyone to do bad things. You don't want to be accusable of phishing or anything like that, I am sure.
How can you change ur keys, while they did it already?If they change keys, your keys are outdated and dont work on a key reset?
The owner key is necessary to change keys. That was why the malicious actor was able to completely take over the account they used to take my tokens, but not mine. They only had my active key, and not my owner key, because Steempeak requires active key to login, and I do not use my owner key to login. I was able to change my keys and lock out the bad actor before the powerdown proceeded.
@guiltyparties has reached out to me regarding the incident, and discovered how I enabled the attacker to change my keys. I attempted to post a link, and for some reason the copy action I tried to undertake did not work, and I didn't notice. I had just logged into Steempeak, and my active key remained in my clipboard then was pasted when I posted the link in the comment.
Since it was a link, it was not visible in the text of the comment and I did not notice it. The hacker runs a script that searches the blockchain for keys, and found mine in seconds.
Steem Keychain would have made that impossible, and I regret now that I was not using it.
Only if Keychain is accepted, not if you have to copy ur key from Keychain to steemconnect, right?
Unfortunately you are correct, and my browser doesn't work with Keychain, so I had to paste my key into steemconnect, which loaded it into the clipboard, from whence it was pasted for the entire world when I posted a link.
:// how unlucky
I don't think of it as luck. I think of it as bad opsec. In Alaska where I was raised, I learned that if it happens to you, it's your fault.
hurtful truth, but as anarchist I can completely agree and have the same opinion.people are not ready to be accountable; women are a special topic.