On a Wednesday in April, I was doing my thing – I am trying to develop a routine – of “doing” comments, checking posts and doing my bit for #steemitbloggers and #teamsouthafrica, the two Discord servers on which I am most active. I’m still learning my way, and I’m not as active as I should be on #worldofphotography because I don’t consider myself even a rank amateur when it comes to photography. I dabble at best, and tend to point and click my smartphone and my Samsung bridge when I am able. But mostly, am pre-occupied. So back to that day, and trying to develop a routine. It was also part of my strategy to build a reputation on Steemit, and maximizing the return; as one should, but to which engagement is a central tenet. Engagement is not just critical to success, potentially financially, but also to one’s sense of self on Steemit. That day, and the ensuing days taught me how true this is.
So, there I was, doing my “thang” and I came across this comment with a link about auto votes.
“Oh, cool,” Me thought, "this might be useful.”
But then Myself said, “Are you sure? That link looks a little weird and the real Steemit community doesn’t actually approve of too much automated stuff. You know you can’t comment and/or upvote within 20 seconds of the previous one.”
“Umm, ja, but that the hell? What have I got to lose?” I ask Me.
I get on with a few other things because, all of a sardine, there was a power outage. We live in the country and it happens from time to time, but it’s really annoying. Especially sometimes, as happened that day, it was scheduled and because of our poor mobile phone service here, we don’t find out until AFTER the fact.
Up to that point, my day had been uneventful, and I was happily preparing for my mid-morning meeting with a client.
Then the power came back on. Suddenly I had more notifications on my Discord icon than I’d ever seen – before or since. @Ginabot had gone mad. She was shouting. She was blaring, and she carried on shouting. She was going beserk.
“WTF?” I ask, in real words and CAPITAL LETTERS. “I” was suddenly commenting on posts that would never enter my consciousness, and in languages I could not recognise, let alone understand.
The next few minutes are a complete blank.
A huge knot develops in my stomach. What have I done? What do I do?
Not only a Minnow, but also a bit of a technodunce, I know that I need help and head over to the @steemitbloggers Discord server, where I’d already done the daily greet with the folk online.
I ask for help.
Mercifully, the calm voice of reason and (help) was online. Step by step @zord189 asks me a series of questions, some of which in my panic, I can’t answer.
“Which password? Which key?” He asks, instantly suspecting I’d been hacked. Then, came this instruction:
I couldn’t get to my wallet. I couldn’t get into my account.
And then, he asks, “Have you transferred any money from your wallet?”
“No.” I had not then, have not yet, transferred anything out of Steemit. I have done the odd small transfer to other user accounts but that’s it. I’m saving what little I have. For a rainy day.
He was checking movement on my account and sent me to check for myself: half my wallet was gone.
An aside: you do know that your wallet and its transactions are all public – if you know where to look?
Revised diagnosis: HACKED and PHISHED
All I could do, again talked through the process by the calm voice of reason, was to go through the steps to recover my account and wait.
By the time I returned from my meeting, an hour later, my hard-earned reputation had gone from a from 44 to minus one. Virtually everyone of my comments, not just the spam, had been flagged and downvoted. Gina was very busy passing on messages from Steemians telling me not to spam.
I felt helpless, horrified and mortified.
What “I” was doing flew in the face of everything I’d come to understand about Steemit and what the community stands for.
Oh, she of little faith.
The founder of @steemitbloggers, @jaynie included one of my posts in a curated post, and folk called on their folk to support, like the two below, @sweetpea, @byn, as well as @thekittygirl, @roseosman, to name just a few.
Then, there was #teamsouthafrica, @joanstewart and @therneau – the latter having been told of the “drama” – his word – by his Steemitblogger wife, @jusipasseti, as well as the help from @fates who sent me numerous private messages of advice and support.
But I still couldn’t DO anything. I had to wait until I received THAT email, allowing me to recover my account. You can’t rush certain things: there are things that HUMANS do in Steemit, and that is the monitoring of the support email and the account recovery process.
The email arrived, just under 24 hours later, and I logged in to deal with the mayhem. I followed the instructions from @simplymike says in a well-crafted and thought-through post about how to re-establish my reputation. Central to this, and before I could contact the @steemcleaners, to “ask” for my reputation back, I had to go through and edit every single spam comment. I went one step further, where I could: I upvoted and responded to each comment that told me I had spammed – with a genuine apology. I did not want anyone else to have been caught the way I had. It was too awful to contemplate.
It was a long, emotional morning. Emotional because I was overwhelmed not just by the entire experience but by the support. Then, as they say in those awful television commercials, there’s more.
Again, Gina goes nuts. As folk realised that I was back on track, posts that were “younger” than seven days start getting upvotes, comments and the odd re-steem. I can’t keep up with her and the fantastic support.
I begin to feel overwhelmed, and have a lump in my throat because, yes, there’s more: @fates shares some of her Steem so that my posts get upvoted.
Steemians are still not done:
On Discord, I get this question.
As good as his word, @raymondspeaks did just that, and gave me the good news that my rep was being reinstated. More to be grateful for when I check my wallet. I can’t believe what I’m seeing. The SBD that had been stolen, were back. A gift from @raymondspeaks with the memo, “There! Now you haven’t lost anything but some reputation.”
Then the floodgates did open. The Husband who shares the office looked at me as I quietly lost the plot - tears were streaming down my face. I am tearing up again, as I write. I had told him about how supported I felt by this community, but hadn’t expected this level of support. He is now a vicarious @steemit convert! He's not online for anything other than email and the bank.
Over that thirty odd hours, my emotions went from a sense of desolate violation, not understanding why anyone would hack into any account, let alone mine which had virtually nothing in it, to humble gratitude for all the care and support from the Steemit community.
That day ended with another message from the trusty Gina: a comment on a comment on a post on which I had no recollection of commenting.
Wow! My reputation was not just back to where it had been, but it was slowly creeping up.
So, what did I learn through this experience?
Clear your cache once you’ve recovered your account
A couple of days later, having recovered my account, I found myself “locked out” again. Advice was to recover my account again. I did. I waited for a few days for THAT email. In vain. I reached out to @steemcleaners and in a private chat, was asked by @guiltyparties, both a witness (go and vote for him/her) and a Steemcleaner, about what I’d done on my account in the previous few days. To cut a long story short, and thanks to him, I got back into my account: a cache issue. Another lesson learned.
NEVER use your master password unless you HAVE to
• save your password to Google or any other automatic password filler
• use it as a means of logging in to another linked Steemit platform or app, like Steemconnect, eSteem or Steepshot
• use it to post or comment – use an ACTIVE key for this
Hackers are real, we see it happening everywhere, rather be safe, not sorry.
• Make use of a password manager – I am fortunate to have a lifetime subscription to Sticky Password which operates in the cloud and across a number of devices. It has a number of features I really like, including a secure memo functionality and the automatic deletion of the contents of one’s clipboard.
Change your password
When you recover your password, CHANGE it.
- Save all your passwords and private keys into a “paper wallet”. This post from @joanstewart includes information about where and how to securely save and store your personal information.
- Save all the public and private keys so that you have them on hand.
At the same time, and if you don’t know what they’re for, make a note of that so that when you do something and you’re asked for a DIFFERENT password or key, even if you’re logged in, you know what to do.
- DO NOT change your password again in a hurry. You can only change your password every 30 days. If you try, you could get locked out of your account.
Listen to that little voice
We have three voices – Me, Myself and I. Do listen to that one that says to you that something’s not cool because it seems too good to be true. That means that one mustn’t click on links that look like this
It’s short and it’s too much like a steemit URL, but NOT QUITE. DON’T DO IT!
Have a PA
Had I not had Gina, I would have been oblivious to what was going on until it was too late. She is a bot and once you’ve registered with her, she’ll tell you about as much happens on your account as you need or want to know.
And last, but not least: Real, caring people live on Steemit
Over the couple of days that I had this crisis, I was literally overwhelmed by the care and support from folk. I have mentioned some that reached out to me and I want to mention two others. Both of them reached out to me in the midst of their own life crises and my hope is that anyone reading this goes and upvotes a current post as they can use all the help they can get: @lynncoyle1 and @simplymike
Humbly yours, and with gratitude
The Sandbag House