Download a Dtube app and got hacked
I knew something was funny
When I kept trying to upload my video yesterday on the dtube app I downloaded and it wasn't uploading. I should have went and changed my password right away. Instead I just assumed it was a throttling error as I been using my phones data a lot and know I am going to be throttled. Boy was I wrong, I should have went with my gut because I tried commenting back to someone and couldn't. Said I didn't have posting rights. What?
Hooked up my hotspot to discover my SBD gone
It wasn't a whole lot. They should have waited a week I have pending payouts of about $200, they only got $33 but Mother flying f*ck what the hell is wrong with people. Here is a screen shot of the account it went into.
I don't know who left the review before me but I was having the same problem and was hacked, if you know this person tell them to go change their steemit password unless ASAP. This was the Dtube android app that I used. And see ladies and gentlemen this is why I prefer to use my computer and not apps. Because apps are not as easy to check to see if they are secure and if they are legit.
Then I got to looking and don't know why I didn't notice this yesterday
There are a bunch of different app's claiming to be the d.tube app. I don't know which on is legit and which one isn't but I do know I got one that was a mirror to the site, as it wouldn't allow uploads. They also didn't attack right away, very smart of them. But I am wondering how many of the other hacks are related to this app download. That is the only place I shared my password. I know better than that and if I remember correctly I just signed in with my posting key on the site using my computer, not my master key. My fault lesson learned. Everyone can have a duh moment. Never again will I use any of the apps. I will use my browsers or nothing else.
To the Theft that stole from me and others FUCK YOU ASSHOLE I HOPE YOU GET WHAT IS COMING TO YOU
I am a nice person most of the time. And if you told me a sob story about how you needed it you could have scammed it out of me, and maybe even more. You think you are hidden behind autonomous numbers that you can hide behind it, the thing is, that everything leads back to some where and you are gonna piss off the wrong person and they are gonna track you. Hopefully it ends up with you in a prison cell.
To my readers
I know I have even warned this before but don't share your Masterkey with any third party site, they should only need your posting key to be able to use the site and connect it to steemit. If it wants your master key it is a scam, don't have a blonde moment and fall for it. No offense to blondes
Wow Im so sorry to read up about this. These guys are using our logo and everything...
We don't have official apps for DTube (... yet), but I've seen other unofficial app releases a couple of months ago already. Looks to be the same one but slightly modified in order to steal your master password ...
A good rule of thumb to remember is to only use your POSTING KEY. You can only login with posting key (or steem connect) on the real DTube, and we will never ever ask you for more than your posting key, in order to avoid security issues like this.
Also please report these idiots on the android store.
And I know this and even thought for a split second after I put it in that I should change my password when the video uploaded so totally my fault for ignoring what I know. But I figure maybe this is how some others are being hacked so I wanted to warn other users
And I have reported it to the google play store
Post very important, we hope that as many people as possible read it. I'm sorry you had to lose your money.
It does suck but at least they didn't get very much. And they didn't have time to spam comments.
I did not think that this was possible. What bad people are there!!! I'm sorry for what happened to you. I make resteem, so that your experience can be useful to save other accounts.
Never log into 3rd party apps with your master key. If they ask for your master key run. Only use your posting key on 3rd party apps or sites.
I knew this and am kicking myself I didn't pay attention closer. Won't happen again.
I keep all keys offline and use steemit only on the original server, it's a bit inconvenient, but I've invested too much time and sacrifice to risk losing everything.
But I'm glad you managed to solve everything. Hopefully it will not happen again!
It won't I won't be using apps anymore direct browser connection. I too keep my keys offline. I have mutliple copies in more than one secure location. They didn't get much. Shit if they would have asked and told me they needed it I am the type of person I would have gave it to them. I give to all kinds of causes and to people in need.
How awful! I am so so sorry to hear that they targeted you.
It is getting bad out there in the Wild West of Cryptos world.
Over time I would suspect that things will become safer and safer, but right now hackers and scammers are having a field day.
I'm glad that you recovered your account quickly though.
Take care,
Always triumphs the right and the human must be patient, we are great so I will never accept me less than greatness greetings @canadian-coconut
Thanks for sharing this. Sorry it happened. So you are good to go now? You have your password changed an all that? Is your steemit account compromised forever?
I am good I have control back of my account and I have changed my passwords twice since it has happened just to make sure I am good. I am lucky mos of the accounts hacks have done more than just steal their sbd from their accounts, they have also been spamming comments with spoof links to hack additional people. It is pretty messed up. Always check your browser address before putting in your keys and what this has taught me is that apps are not secure enough to trust with your steemit account.
Bummer you got hacked and lost some of your SBD that sucks! But good to hear it wasn't a lot more than that! Thanks for sharing your story with us so that hopefully others can learn from this and avoid having something similar happen to them as well!
I am on here so much when I couldn't comment I knew something was wrong, so I was able to stop any further damage, thankfully I don't have much of a life in the winter time. I have back issues and the winter isn't my friend.
I bet that was a bit nerve wracking even if you didn't have a ton of liquid steem/sbd for them to take. I would prolly freak out if I couldn't access my account, heh. Anyways.. As I said before, glad it wasn't more serious! And hopefully others learn as well, this is one reason I've not used my phone with steemit since I became more aware of such risks. Maybe in the future it will be more secure, though right now I only post from my computer as well.
I normally only post from my browser if I do uses my phone. I did post the video but I ended up doing what I was trying to avoid and using my what little bit of data I have left on my hotspot to do it. I have 3 days left before I get more data. Moving into a new built house and having to wait for internet for 6-8 weeks is already sucking big time.
Holy crap. I'm so sorry. Thanks for posting the word of warning. Take my measly two-cent upvote to seed your new wallet.
It isn't a big deal really I was reinvesting that money into the community, but that sucks now I can't do any contest for a while cause I don't have prize money. That is what really sucks, now I got to build back up. I had planned to put another contest live today, now I am gonna have to postpone it. And they didn't get any of my SP or spam comments that ruin accounts like many have had happen to them.
Yikes! That sucks. I agree, it's too difficult to tell if an app is legit on the app store. Sorry that happened to you.
Lesson learned and I am lucky many have had to create new accounts as their main accounts have been destroyed from comment spam the hackers have also been doing. At least I recovered my account before they did that.
Thanks for letting the community know about this problem, hope that no one falls again in this trap.
Take care,
Luca ✌️
Did you use a private key or your master password? The stupid thing is Bittrex knows their identity. They require it for withdrawals. You should change your master password here at steemit.com.
I did already. And bittrex isn't gonna give up who owns the account. I was a dumb ass and used my master key when it asked instead of deleting it. I knew better but had a duh moment
Would you find it worthwhile to pay a small annual fee to have 2FA with Steem/SBD but in a way you do not trust the provider of 2FA? That is, the idea is the provider can't take your funds, even if it tries.
They didn't hack my bittrex account and can you enanble 2FA on steemit. I have it enabled on the exchanges I use but never saw the option here.
I am attempting to do this on this blockchain. The account needs to be adapted and the wallets (including Steemit.com's wallet) needs to be adapted first.
To do this, I had to write a program that would enable that kind of stuff, and now I need it enabled in the wallets. I am using steem's testnet. Do you feel confident installing Python3.6?
The testnet doesn't affect your real account but it allows us to try things with experimental software that I wouldn't try on the main net without some testing. Would you like to participate in testing?
The program that enables 2FA, is 200 lines long. So, you can inspect it and make sure it isn't doing anything malicious. I wrote about it on my blog.
I created an elf account on the testnet. Create one on the testnet with a distinct password (one you have never used before) and you will get quadrillions of testnet Steem dollars. You can find the testnet at: testnet.steem.vc. You can log into the testnet steemit like website at: condenser.steem.vc (use testnet credentials not your real credentials here)
If you are into programming, I'll follow you.
Once I get settled I might look into it. My programming skills are rusty but with a little studying I am positive I can get myself up to date.