Those following my blog know I don't need further reasons to race to the toilet at present, but that almost happened this afternoon when I saw my steemworld.org screen light up with 4, 100% upvotes to accounts I did not recognize. Shiiii...........
First things first - Start sweating and go find my master key!
Thinking I'd been targeted, I changed my keys for this account and my alt. account, as on checking the voting there I saw the same was happening. This actually made me feel worse for a second, and then better as I realised that some smart-arse was doing this en masse, and that I might not be the sole target after all.
On checking the posts that my votes had been cast on, I saw a number of other voters who would likely not be there too. Ok. Phew. Not just me then!
After I'd changed my keys, I visited steem.chat and pinged a few knowledgeable types on Discord to try and find out more information. The individual apps relating to steemconnect were being mentioned as the source of the 'hack', and so I started to revoke permissions to these apps I'd registered here: https://v2.steemconnect.com/dashboard
steemconnect were also being mentioned as the possible source, and it was then I was invited over to listen to an emergency meeting on the @utopian-io Discord chat, where I saw the following:
I managed to catch 5-10 minutes of @elear explaining the situation, and it sounds like a major trust was broken within @utopian-io for this event to happen. The steemconnect token (stored locally by @utopian-io) was taken by the hackers to act on the users' behalf, issuing votes programmatically.
Always be extra nice to your DBAs
Having worked in the IT industry for almost 20 years, in and around database administration, it is just a fact that your database administrators have access to information that, as a business owner, you'd rather not let them have, but you have no real choice. You just have to trust them.
I've signed pages and pages of documents in the past, stating that I will not be abusing or misusing any of the information that would be available to me. And although the small-print escapes me right now... I would have likely been prosecuted if I had done so.
Unfortunately, @utopian-io does not have decades of experience, laws, and legislation in place right now, and while this has perhaps been a positive in allowing rapid development of the business, it has to be seen as a negative today. I feel sorry for @elear and his trusted team members, and I really hope @utopian-io can bounce back from this.
On to the votes I didn't cast.....
Well 'I' did give a couple of down-votes, but hey, the reward pool probably needs a little hand now and again so let's skip those and go to the upvotes :)
After reviewing these posts for quality, and seeing that they have all been bot-boosted, I decided to remove my vote from all.
Beautiful maybe, but $200+ for a flower is a bit excessive to me.
Today I learned that I can quickly reset my keys and copy them to multiple offline locations; this was a good 'under pressure' exercise without that much harm done.
It is my understanding that @utopian-io will continue to accept contributions via other condensers, in the next 12/24 hours.
Stay safe everyone, and have a good weekend!