After the ordeal of losing my account for 5 days to a hacker who used it to scam others... only to unexpectedly regain control of my account again yesterday, thanks to the awesome human side of Steemit Inc who despite their decentralised system were able to send me an email with a link which permitted me to get back in and change my password... I have learned many things.
Since getting my account back I have changed the password twice already. And it will be changed regularly from now on.
This whole experience has made not only me, but the entire Steemit community & system behind it STRONGER as a result.
To learn more about exactly what happened and how to avoid falling for their trap... read my post HERE
Over the course of five days I watched my account go from this
to this
to this
to this
It was not easy seeing this happening, knowing that I had brought it upon myself by making a silly mistake when I was very tired and under pressure to catch a flight.
Clearly I won't be making this mistake again.
When the dust settled I decided to open a dialogue with the owner of the account which scammed & hacked me, @accounttransfers, using the same system he was using, by sending 0.001 SBD to his wallet with the memo as my message.
I felt instinctively drawn towards thanking him
because in this moment I am genuinely grateful for what has happened.
A bot has now been created by @arcange to warn people when they are being scammed, using this same wallet message system.
The Steemit community has been made more aware of this type of scam and will be vigilant now. Assuming they take the time to read other people's posts... which clearly we must! Over 1000 people have read my article on this subject in the 48h since I posted it SEE HERE
The wording of the steemit account creation process is clear that the email address will be required if your account is ever compromised.

14 months ago when I joined Steemit, the wording was different and I set up a new email account with random name and random password, exclusively for the purpose of confirming this Steemit account... and I never used this email account again.
When my Steemit account was compromised I was unable to remember any details of this email despite my best efforts, making the standard account recovery process impossible for me.
One important fact has been made crystal clear for me as a result of this (thanks to @firepower):
If I use the posting key to log in and the active key when transferring funds, this keeps the master key offline as much as possible. And ultimately makes the account safer.
Please contact me in the comments below if you are in any way confused about how to access your active & posting keys.
USE STEEM POWER TO PROTECT YOU!
Steemit has been designed in a very clever way... to protect us.
The hacker was unable to take anything from me because it was all held as STEEM POWER.
The first STEEM payment comes 7 days after hitting power down. Which gave me enough time to resolve this before he could take anything.
In truth there were a few SBD in my wallet which he used to spam people with. But at 0.001 SBD per spam, this didn't cost me much.
So, the moral of the story is this...
Don't keep STEEM or SBD sitting idle in your wallet.
If you have STEEM and you don't intend to sell it for BTC, power it up now!
If you have SBD, sell it for BTC on an exchange of your choice and if you're wanting to power it up, you should sell the BTC for STEEM, transferring it back to your wallet before powering it up.
To clarify...
Hit the down arrow next to your SBD total and you will see this

CONVERT TO STEEM is a fast and easy option but you will not be getting the best rate of exchange. Hence my suggestion to use an exchange/market of your choice.
Each exchange varies slightly, so if you're really keen, have a check around for the best rates. You can see above that Steemit offers a market of its own which would be the first place to check.
What was my conversation with @accounttransfers?
I sent him a little gratitude as you can see here... and a suggestion which I genuinely believe would help him.
His response was this
He clearly doesn't have access to my account but after a little research I understood better what he was saying and how this was achieved.

Consequently, I strongly suggest you all change your passwords now.
I didn't respond to his comment as I didn't feel like there was much more to say at that point! His implication that I am stealing your donations for the evacuees of Bali is laughable, given the visibility of our wallets. And you can be sure that I will document the entire journey from STEEM to solar products & water filters, photographing the smiles on their faces when they are handed over to them
After not responding, he messaged me again with the following words
Well isn't that lovely of him. Good to know we are mates now!
In truth I have nothing against him, as is my way. I cannot know his experience of this world and do not judge him. However, I am still curious to know his motivations.
So @accounttransfers if you are reading this...
Perhaps you would like to leave a comment below explaining to the community why you are doing this?
Please understand that you are in one of the most loving and open-minded communities on the internet, and if you tell us your perspective we may even come to understand & support you.
Especially if you put on the WHITE HAT and use your skills to improve the security of this platform. I have seen others achieve huge pay-outs doing exactly this.
Looking forward to your response :)
Sam
Over & out for now...
Hacking code gif source. The STEEM MATRIX gif was created by me and you are all welcome to use it as you please.