@samstonehill has been hacked & cannot be re-accessed. How did this happen & what are the solutions?
After making the schoolboy error of entering my master key into a website which despite initial appearances turned out not to be our beloved steemit.com, I can do nothing now except watch the thief take around $3,500 worth of steem, week by week.
Anyone who has voted for this account in the last week, please withdraw your vote immediately to ensure they get as little as possible.
And resteem this article to build awareness of this important subject, especially now that the hackers are using my account to try and hack others. So if you see any messages from @samstonehill in your wallet, saying that they have detected unusual activity in your account, please just ignore it.
What about the account recovery process?
The recovery process won’t work for me because I didn’t write down the email address I used to confirm the account.
Account recovery link here: https://steemit.com/recover_account_step_1
It was my understanding at the time that we should set up a new email address for the purpose of confirming the steemit account and not use that email address again, so as to protect our anonymity.
The Steemit registration guidelines were very clear about writing down the master key… which I did. But they did not mention writing down the email address used to confirm the account.
SO TAKE NOTE:
If your account is hacked you will need your master key and email address to recover it.
How am I feeling now?
Not great to be honest.
In truth I feel a bit let down by Steemit. Yes, I was the one who made the mistake by falling into the trap but it brings up three important questions for me:
1. Should the Steemit devs consider adding a function which enables them to terminate hackers' accounts immediately?
This particular hacker's account (despite having a rep of -3) is still active and most likely still scamming people. You can see it HERE
2. In this situation should there not be a system in place which prevents the hackers from so casually taking the STEEM using the power down system?
I would prefer to see my STEEM go back to the reward pool than watch a thief slowly take it week by week.
3. I followed the registration instructions without fault and never lost my master key, so is this a flaw in the current system?
It feels to me like something needs to change within the registration process if Steemit is going to prove itself to the masses as the awesome next generation social media platform which I still firmly believe it is!
Create a warning system which sends out a message to EVERYONE in their wallets when there is a scam like this happening.
Add a FREEZE ACCOUNT function, entrusted to the Steemit Witnesses only, taking away the incentive for future scammers.
Add one sentence in the registration process which highlights the importance of not only the master key, but also the email address through which the account is confirmed.
I have passed on my story to the right people and I hope this will create some solid changes, making me the last person to suffer this experience.
It has been a tiring few days, checking every combination of name, password & email account provider I can think of, without any luck.
Am considering seeing a hypnotist tomorrow who may be able to help me access this small piece of information which must be stored somewhere in this busy brain of mine.
Depending on how much a service like this costs? Hey…that would make an interesting steemit post!
It wasn't easy explaining to my French partner Sabrina that I made this mistake and consequently lost our savings, dramatically changing our plans for the future. In time she will forgive me.
The hardest part has been the mental challenge of letting this go and focusing my thoughts back on the things that make me feel good again... because I worked so incredibly hard to get my rep number up to 70.7 with 2,155 followers over the last 14 months.
...and now I have to start from square one again.
But I do believe that in time all of this will make sense to me and I will look back with a smile, knowing that everything happened exactly the way it was meant to happen.
Haha... thanks Abe. Am doing my best!
How did I make this mistake?
First and foremost I was tired. Exhausted in fact.
I had been working hard on creating a donation account (@charitysteemit) and numerous posts (from the @samstonehill account) designed to raise money for the growing number of evacuees stuck in camps here in Bali waiting for their volcano to blow. My heart went out to these people and I pushed myself very hard to do what I could for them.
…and then (as a tourist here in Bali) I had to do a visa run to Kuala Lumpur. After working through the night I couldn’t sleep on the flight and with only a short turnaround before getting back on a plane to Bali, I decided to grab a coffee to keep myself awake. They had wifi so I logged on to find the following message in my wallet:
I had never seen anything like this before, so I clicked on their link which took me to this page.
I sent them an email explaining that the 'unusual activity' they mentioned was most likely due to all the donations coming in to my account for the Bali fundraiser.
I also told them it was not good practice to hand out my master key in this manner. They responded straight away by email insisting that this needed to be done immediately in order to secure my account.
With only a few minutes left at this point and in fear of losing the money for the people of Bali, I glanced at the URL of their site and it appeared genuine in my tired state. Now of course, I can see clearly it is not, with an I before the steemit.com.
Full of fear and the knowledge that I had to run for my plane, I entered my master password and hoped all would be well.
By the time I arrived back in Bali 3 hours later the account's password had been changed and I was locked out.
The following day they took down my colourful banner and all personal information. I wonder if my family photo was messing with their sense of morality?
Now my account looks like this
and I can only imagine what rubbish they intend to spam people with.
Thankfully I had already transferred the STEEM & SBD donated from many generous steemians (for the Bali fundraiser) into the @charitysteemit account. So those who contributed can rest assured this money will be used as intended for solar panels & water filters.
But the money raised through my @samstonehill posts on this subject is gone now. And to those who voted for me with the intention of helping the people of Bali I am deeply sorry for my mistake. I can assure you it will never happen again.
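The lookalike address described above (an extra letter in front of steemit.com) passes a tired glance but fails an exact hostname comparison. The following is an added example, not part of the original post: it extracts links from a wallet memo and flags any host that is not steemit.com yet resembles it. The memo text and `.example` hosts are constructed placeholders, and the edit-distance threshold of 2 is an assumption.

```python
import re
from urllib.parse import urlsplit

TRUSTED = "steemit.com"   # the real site named in the post
BRAND = "steemit"
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

# Constructed sample memo; the .example hosts are placeholders, not the real phishing site.
MEMO = ("Unusual activity detected on your account. Verify now at "
        "https://xsteemit.example/recover or https://steemit.com@login.example/verify "
        "(official page: https://steemit.com/recover_account_step_1)")

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'trusted', 'lookalike' or 'other' for one URL."""
    # .hostname drops any 'user@' prefix and port, and lowercases the host.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    # Brand text anywhere in an untrusted URL, or a label within two edits of it
    # (assumed threshold), marks the link as an imitation.
    near = any(edit_distance(label, BRAND) <= 2 for label in host.split("."))
    if BRAND in url.lower() or near:
        return "lookalike"
    return "other"

def scan_memo(memo):
    """Classify every http(s) link found in a memo string."""
    return [(url, classify(url)) for url in URL_RE.findall(memo)]

if __name__ == "__main__":
    for url, verdict in scan_memo(MEMO):
        print(f"{verdict:9} {url}")
```
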
What have I learned from this?
Rest more! When my body is tired I make mistakes.
Make use of the community! As soon as I was back in Bali and no longer under pressure to get on a plane, I found within 30 seconds numerous posts advising people this was a scam.
Steemit could potentially have better security protocols & measures in place to disincentivise scammers.
Consider using sites like anon.steem to create your steemit account. They don't require email addresses or phone numbers, and the account is created immediately. But the best thing of all is that in this situation, they would verify that I am me through something as simple as a video call. And I would have my account back again.
As the popularity of this platform grows, so too will the complexity of these scams. And vigilance will be required at all times!
And I am actually a little bit excited about that 😄
It will be interesting to see how quickly I can build myself back up again with my 14 months of experience and the many wonderful friends I have made here on Steemit.
I am determined to stay as positive as I can about this situation and I hope that my experience ensures it doesn't happen to anyone else in the future.
On a final note I must tell you that I find it very hard to ask people for help. But in this moment I really do need your help.
My trading account investments are looking low right now yet I have no choice but to sell them all... and in around 2 weeks when this money is spent, I have no idea what we will do.
I could always go back to London and start making films again, but I would very much like to continue using Steemit in the way I was using it before... in order that I can continue inspiring you with my tales from around the world.
So, you can help me now with a simple upvote & resteem 🙏🏻
And I hope too you will follow this new account @samstonehilltube from which I will continue to provide quality posts worthy of your attention.