PSA: CHANGE YOUR PASSWORD NOW (Ongoing Phishing attempts)
Today while exploring the blockchain I came up with a lot of posts that are phishing attempts to get hold of your Active key or master password or whatever you use to login in STEEMit (see why you should not login with your master password to post)
I compiled a list and went to speak with the nice people @steemcleaners and they were already aware and measures have been already put in place to mitigate or stop the damage this could potentially do.
A Post flagging campaign was launched using @cheetah, and @patrice form SC have had a hard day doing her magic and protecting us.
But from speaking to one of the victim's his testimonial here I realized that I have had the same problem.
STEEMit.com for no reason had been asking for my password.
Initially i dismissed it as a site glitch but was today while speaking with @outwalking (one vitcim of the scam) that i realized my account was at risk.
I usually login with my Private Posting key, so my money was safe, but it doesn't means that the attackers cannot do what they did to the victims (Start posting or modifying old posts to avoid detection) and inundate STEEMit with fake posts that will get your KEYs and either make you become part of a spam BOT-Net or empty your wallet
Here is a great tutorial from @reggaemuffin on how to Change your password
The only thing I would like to add to his post is:
I think they used some JavaScript to poison out cookies I'm digging into the matter, but stopped to write this post so everyone can be aware of the situation.
I'm not a witness or anything just a STEEMian like you trying to help make this place better for all of us. But I'm working and learning to become one to care and make the Spanish / Latino community grow
Thanks to @happyme for providing the link to what the different Keys DO
Money Talks!
| ReSteems & Upvotes | Show you cared about what i had to say : ) so if you enjoyed...
This post recieved an upvote from minnowpond. If you would like to recieve upvotes from minnowpond on all your posts, simply FOLLOW @minnowpond
This post recieved an upvote from minnowpond. If you would like to recieve upvotes from minnowpond on all your posts, simply FOLLOW @minnowpond
Not to be stupid but how do you resteem. Thanks for post.
No worries:
It is is that almost invisible thing in the lower part of the post
Thanks for the mention!
Consider it done. Have a nice day.
Thanks for PSA!
Hey where do i find out what all the different keys mean? There seems to be like 3 reg and 2 private. I have read that Master key should not be used, but it seems to be only one that has worked for me.
I'm usually signed in all the time, butbwhen i have tried to do actions it asks me to sign in again (?) is this what you mean?
Confused...
Thank you!
look here for what all the keys are and how to find them (and a ton of other useful information).
Thank you!
You rule
You are most welcome. I wish there was more advertising that the wiki actually exists.
Yes if this happened in the last few days, your key is most likely compromised.
Let me dig some articles bout the meaning of the keys, but just to post the Private posting key should be ok, the others are mainly for wallet operations and witness vote
Thanks... no i'm worried, lol, just gonna chill
Hmmm so you think they hacked cheetah? Maybe that explains why I got a cheetah comment on a post that was 100% original the link they posted was blank.
I did click on it because well it was cheetah and I was trying to figure out what the heck they claimed I copied.
long story short...you think I should try changing my pw then?
Here is the post from cheetah:
I doubt it, @cheetah is run by people who knows their stuff... :)
You can appeal here and let them know you think it is a mistake SteemCleaners Chat #steemitabuse
If you ask nicely and explain they will be really helpful, please dont go angry there (I tried that once and didn't work) and today they have had a hard time keeping us all safe.
Ohhhhhh I totally misread your post!
I thought you were saying they used cheetah to some how get people's pw by flagging their posts.
WOW I'm dumb! LOL
But thanks again for the help on the appeal idea!