@samstonehill has been hacked & cannot be re-accessed. How did this happen & what are the solutions?

in #steemit4 years ago (edited)

goobye me.jpg

After making the schoolboy error of entering my master key into a website which despite initial appearances turned out not to be our beloved steemit.com, I can do nothing now except watch the thief take around $3,500 worth of steem, week by week.

Anyone who has voted for this account in the last week, please withdraw your vote immediately to ensure they get as little as possible.

And resteem this article to build awareness of this important subject, especially now that the hackers are using my account to try and hack others. So if you see any messages from @samstonehill in your wallet, saying that they have detected unusual activity in your account, please just ignore it.

What about the account recovery process?

The recovery process won’t work for me because I didn’t write down the email address I used to confirm the account.

Screen Shot 2017-10-09 at 23.36.38.png

Account recovery link here: https://steemit.com/recover_account_step_1

It was my understanding at the time that we should set up a new email address for the purpose of confirming the steemit account and not use that email address again, as to protect our anonymity.

The Steemit registration guidelines were very clear about writing down the master key… which I did. But they did not mention to write down the email address used to confirm the account.

SO TAKE NOTE:

If your account is hacked you will need your master key and email address to recover it.


How am I feeling now?

Not great to be honest.

In truth I feel a bit let down by Steemit. Yes, I was the one who made the mistake by falling into the trap but it brings up three important questions for me:

1. Should the Steemit devs consider adding a function which enables them to terminate hackers' accounts immediately?

This particular hacker's account (despite having a rep of -3) is still active and most likely still scamming people. You can see it HERE

2. In this situation should there not be a system in place which prevents the hackers from so casually taking the STEEM using the power down system?

I would prefer to see my STEEM go back to the reward pool than watch a thief slowly take it week by week.

3. I followed the registration instructions without fault and never lost my master key, so is this a flaw in the current system?

It feels to me like something needs to change within the registration process if Steemit is going to prove itself to the masses as the awesome next generation social media platform which I still firmly believe it is!


Potential solutions

  • Create a warning system which sends out a message to EVERYONE in their wallets when there is a scam like this happening.

  • Add a FREEZE ACCOUNT function, entrusted to the Steemit Witnesses only, taking away the incentive for future scammers.

  • Add one sentence in the registration process which highlights the importance of not only the master key, but also the email address through which the account is confirmed.

I have passed on my story to the right people and I hope this will create some solid changes, making me the last person to suffer this experience.


It has been a tiring few days, checking every combination of name, password & email account provider I can think of. Without any luck.

Am considering seeing a hypnotist tomorrow who may be able to help me access this small piece of information which must be stored somewhere in this busy brain of mine.

Depending on how much a service like this costs? Hey…that would make an interesting steemit post!

It wasn't easy explaining to my french partner Sabrina that I made this mistake and consequently lost our savings, dramatically changing our plans for the future. In time she will forgive me.

The hardest part has been the mental challenge of letting this go and focusing my thoughts back on the things that make me feel good again... because I worked so incredibly hard to get my rep number up to 70.7 with 2,155 followers over the last 14 months.

...and now I have to start from square one again.

But I do believe that in time all of this will make sense to me and I will look back with a smile, knowing that everything happened exactly the way it was meant to happen.

It is rather fitting that my last post in the @samstonehill account was an Abraham of the day, entitled 'find a way to be happy wherever you are now!'
Link HERE

section.jpg

Haha... thanks Abe. Am doing my best!

sexy banner.png

How did I make this mistake?

First and foremost I was tired. Exhausted in fact.

I had been working hard on creating a donation account (@charitysteemit) and numerous posts (from the @samstonehill account) designed to raise money for the growing number of evacuees stuck in camps here in Bali waiting for their volcano to blow. My heart went out to these people and I pushed myself very hard to do what I could for them.

…and then (as a tourist here in Bali) I had to do a visa run to Kuala Lumpur. After working through the night I couldn’t sleep on the flight and with only a short turnaround before getting back on a plane to Bali, I decided to grab a coffee to keep myself awake. They had wifi so I logged on to find the following message in my wallet:

shot.jpg

I had never seen anything like this before, so I clicked on their link which took me to this page.

I sent them an email explaining that the 'unusual activity' they mentioned was most likely due to all the donations coming in to my account for the Bali fundraiser.

I also told them it was not good practice to hand out my master key in this manner. They responded straight away by email insisting that this needed to be done immediately in order to secure my account.

With only a few minutes left at this point and in fear of losing the money for the people of Bali, I glanced at the url of their site and it appeared genuine in my tired state. Now of course, I can see clearly it is not, with an I before the steemit.com

Full of fear and the knowledge that I had to run for my plane, I entered my master password and hoped all would be well.

By the time I arrived back in Bali 3 hours later the account's password had been changed and I was locked out.

The following day they took down my colourful banner and all personal information. I wonder if my family photo was messing with their sense of morality?

Now my account looks like this

Screen Shot 2017-10-10 at 04.15.54.png
and I can only imagine what rubbish they intend to spam people with.

Thankfully I had already transferred the STEEM & SBD donated from many generous steemians (for the Bali fundraiser) into the @charitysteemit account. So those who contributed can rest assured this money will be used as intended for solar panels & water filters.

But the money raised through my @samstonehill posts on this subject is gone now. And to those who voted for me with the intention of helping the people of Bali I am deeply sorry for my mistake. I can assure you it will never happen again.


What have I learned from this?

  • Rest more! When my body is tired I make mistakes.

  • Make use of the community! As soon as I was back in Bali and no longer under pressure to get on a plane, I found within 30seconds numerous posts advising people this was a scam.

  • Steemit could potentially have better security protocols & measures in place to disincentivise scammers.

  • Consider using sites like anon.steem to create your steemit account. They don't require email addresses of phone numbers, and the account is created immediately. But the best thing of all is that in this situation, they would verify that I am me through something as simple as a video call. And I would have my account back again.

  • As the popularity of this platform grows, so too will the complexity of these scams. And vigilance will be required at all times!


What now?

Last month I set up @samstonehilltube with the intention of sharing only my video work there, but now it will become an upgraded version of the @samstonehill account!

 ban 2.jpg

And I am actually a little bit excited about that 😄

It will be interesting to see how quickly I can build myself back up again with my 14 months of experience and the many wonderful friends I have made here on Steemit.

In Conclusion

I am determined to stay as positive as I can about this situation and I hope my that my experience ensures it doesn't happen to anyone else in the future.

On a final note I must tell you that I find it very hard to ask people for help. But in this moment I really do need your help.

My trading account investments are looking low right now yet I have no choice but to sell them all... and in around 2 weeks when this money is spent, I have no idea what we will do.

I could always go back to London and start making films again, but I would very much like to continue using Steemit in the way I was using it before... in order that I can continue inspiring you with my tales from around the world.

So, you can help me now with a simple upvote & resteem 🙏🏻

And I hope too you will follow this new account @samstonehilltube from which I will continue to provide quality posts worthy of your attention.

Blessings from Bali.jpg

Sort:  

Whilst I think websites like anon.steem which permit you to buy steemit accounts with no email address are GREAT, one must be aware of the potential problems in doing so.

Actually, you'd have been safer if you had used AnonSteem.

We recover accounts generally based on you having your original order ID and an old password, as well as some clear way to prove it's still you (e.g. your twitter, steemit chat account, discord etc.)

But, we can also recover accounts if we just know it's you. Maybe something as simple as a video call, to see you're clearly the same person from the images, and I'd happily enable recovery for the account.

I reported the phishing domain to GoDaddy last night after I got the spam to my own STEEM account, though they seem to be making new ones constantly.

You might be able to contact some STEEMIT staff, who could enable recovery for your account if they verify you through alternative means as I suggested.

@ned @sneak

I don't understand how accounts can be recovered in a trustless and decentralized way if someone is deciding whether or not they want to recover it.( based on their subjective opinion) Please explain

The account can only be recovered if someone knows one of the old passwords.

This means even though I can start the recovery process for an account made via AnonSteem, I can't actually change the key without having at least one of their old passwords.

Account recovery is something that cannot really be done without some form of trust system, otherwise let's say the hacker figures out your "secret information" you use for recovery? Well you're definitely screwed now.

It's possible for you to change your trustee, but you have to wait 31 days since the last password change to do that. You could for example, create an AnonSteem account, then 31 days later change the trustee to @steemit - which would make them responsible for recovering your account in an emergency. Similarly you could even set it to a friend.

Yeah. That's was the obvious part I was missing.

Also thanks for clarifying the trustee can be change. Such a well thought out feature that is this recovery account thing.

Thanks for your answer. What I don't understand is that samstonehill said steemit needs his email to recover the account, why ? They should only ask for old password not the email. no?

Account can only be recovered by the account recovery person and only if the master key has been changed in the last 30 days.

If the account has been created on Steemit.com the recovery person is @steemit If the account has been created by other means than steemit.com then the account recovery person can be chose by the person who create the account.

This is why anonsteem can be the recovery person. The can only change or recover the account if the password has been changed in the last 30 days. I'm not sure if I forgot something or if my explanation is 100% correct. Maybe @someguy123 can confirm.

Great and all untill @someguy123 dies and then what? I hope he has deadmans swicthes set up! sory to be so gloomy but ....like taylor swift has said, 'I dont trust nobody and nobody trusts me' so is anon steem realky better? ior is it just some guy? lol woah didnt even meam that but yeah isnt it just some guy trying to pretend he is like a company? i mean, i hope at least 2 people run anonsteem! bevcause if something happens to like theone guy who runs anonsteem and then u cant get ur account recovered, then what?

Sorry thats just my lil "hat if" scenari, juyst being a contrarian

yeah anyway I always used to ask about how the account recovery works, but i have to remind people, Steemit is not Bitcoin

we dont use proof of work, we have Delegated proof of stake, that chanegs everything when it comes to doing stuff like being ABLE to do stuff like a Wallet recovery when Bitcoin has no wallet recovery for hacked wallets... lol But imagine if Bitcoin network actualy decided to do a hard fork to reverse all transactions that were from hackers stealing funds, you could have like a hard fork of bitcoin where all contested transactions are reversed and you have a central authority to do that stuff, and thats kind of what steemit is because all the witnesses kinda know each other and thats one simple way to look at ity.....

but in reality the witness nodes are decentralized and steemit inc is just one steem gateway.... steemit inc cannot really do any more than any one person with steem account, a steem account can be created from any already created account..... and you can make your OWN steemit gateay like chainbb or busy.org .... thething is all witnesses have to agree tio run teh same software... that software has to behanded "down" from some centralized locaytion and thats steemit inc for now, am i right or wrong? I am not sure thats jjust my guess.... but it is only like that for now

in the future we will become more decentralized so that steemit inc can be shut down and we could still carry on... in fact if busy,org has a powerdown and withdrawl function... then i am pretty sure we could be using that incase steemit.com is down.... wel no bevcause it cannot create accounts i dont think? at least not for free?/? I think we would need a new gateway that can create steem accounts and tHEN we wouldnt need steemit.com/// but h,, yes its strange @someonewhoisme it seems counterintuitive at first BUT its not, its makes sense when you know how steemit works and how yes it is decentralized but the steemit witnesses all agree on everything or else we would not have consensus, but we have this sort of hivemind but its a decentralized horizontal hivemind.....
I think that you have to realize... steemit is not bitcoin and bitcoin does not have witnesses but just bitcoin miners and nodes and you dont have a centralized way to organize them all like you do on steemit where you can talk to everyone over the steemit forum...Bitcoin would need to freakin use Bitcointalk.com forums to actually communicate instructions and news to all of its network miners and node operators whil steem blockchain has this built in social media network that lets people talkto each other and also to amake announcements where the important ones get to the front page and everyone gets to see them!

So you see, that and how we are Delegated proof of Stake allows us to actually do things regular POW bitcoin cannot do! through consensus of witness nodes we can accomplish great things for the community! Its software and all software is maleable its just a question of getting everyone to agree on overall system wide changes, consensus, its magical!

that software has to behanded "down" from some centralized locaytion and thats steemit inc for now,

The Steem software is publicly hosted on github just the same as Bitcoin. Both can be fork. For now Steemit Inc are the one most knowledgeable about the code but anyone can study it. It's open source.

What you said about the fact that if something happen to the recovery partner is also true if the recovery partner is Steemit. If the person or persons controlling the Steemit account are ill prepare in case something happen to them then they might not be able to recover the account of their people. I think the recovery partner can be changed. I'm not sure. Not through steemit but through steemd. I'm pretty sure it can be changed.

If all witnesses agree to something then they don't have to conspire to make something happen, they all agree. That's what happen Steem is updated. I don't remember how many % of the top witness have to agree but the update goes through.

For some witnesses to conspire and trying to pass false transactions would be almost impossible I think because other nodes would realize what happened and then people would very soon vote those witnesses out of their place. It would also be much more complex than people realize and those people/witness would probably have to know how to recode part of the Steem code. Not realistic stuff for many reasons.

Creating Steem account almost for free is coming in the next update and if it wouldn't it would probably be an easy thing to code if Steemit Inc didn't want it but everyone else would want this feature. The thing is Steemit Inc want this feature probably more than anyone else.

why does steemit need email to recover the account?

It's a way to help them prevent the person who just steal the password to initiate the recovery process claiming they are the real owner of the account. They don't really need it if they can prove the identity of person trying to recover the account by another mean, in fact the email is far from being the best way but for Steemit it can help.

Anonsteem uses other means and other recovery partners could also use other means.

I know, it's a bit another issue but I have a question though.

Is it possible to get back STEEM I have sent by mistake to an account?
E.g. I sent STEEM to @minnowboster (https://steemit.com/@minnowboster) with one o instead of @minnowbooster with 2 o's?
I mean, there should be an option to reverse your actions within a given time frame.

the email is the second factor authentication on the identity part of the account and other security mechanisms for anonymity.

Wow! I was not aware of this at all. And I apologise for my assumption. I will amend this information immediately. Perhaps it might be worth adding this info on your main page? Now that hacking seems to be a topical issue, I believe it would make people feel safer.

This info certainly makes me feel a whole lot better, as this new account was bought with anon.steem! Thanks for your awesome service by the way 🙏🏻

And your suggested systems of proving identity make a lot of sense.

I have written to [email protected] and explained the full story... and I hope they will let me verify my identity with something as simple as a video call :)

Thank you for tagging @ned & @sneak here. I hadn't thought of that.

@samstonehilltube :D this is quite unfortunate, I wrote a bit longer of a comment and I'm sorry you lost your "fortune"

First of contact the team and ask them, any of the devs on chat, ned, sneak whoever on the rocket chat.

Second you've done the best already, I was tired of watching scam posts, but it is how it is, I was going to write a security 101 ... What I've learned from games is "Never tell anyone your password" privacy is important as is thinking, you basically went into the perfect storm, but next time, if steemit needs your password, what for, why would they, there is no reason, they have their accounts..

Pfishing is going on since emails exist even before that, people have been getting scammed out of property, whatever weak points you have will be exploited if there is gain to be earned .. some people are like that, anyways freezing accounts would be nice in such occasions, but I'm not sure how features would be implemented without the potential for abuse..

Just keep in mind there are many greedy and stupid people..

I'm happy you have grown so much :)

and that you have spread what you have earned, whatever is lost rarely is, I'm sure you will make it back up in no time, in the case of the account not getting recovered.

There was a famous quote from a millionaire that he can make everything back up even with a shirt on his back, I hope this is a worthwhile experience to any ego driven mind, which is all of us. Possessions are not worth anything and we have put a lot of value into a lot of objects

Ridiculous Account Security in a decentralised app..

I'm sure you will pull back, you have a beautiful life :)

Let the traps fall into themselves.

Thanks for the clarification on anon.steem and what you did. the next time i wanna register an account for someone who wants anonymity, i'll use your service.

I have used it many times. It's great! Especially now I know accounts can still be recovered without giving an email address :)

I am thankful that you have been able to get your account back! Losing all that work put into it would be heartbreaking.

This scam was discussed in the #security channel on steemit.chat. If anyone sees anything similar to this scam, simply get on steemit.chat and ask for help first. It doesn't hurt to check in the official #steemitabuse channel too. I had reported this particular scam to that channel as others had. The admins were working on it too.

This is really unfortunate. Thanks for staying positive and continuing to help others.

Thank you for your support. This really means a lot to me :)

I'm sure the steem team can nail this theif if they take the time? The amount of skilled people involved in this platform makes me sure the theief is only able to get away with it if we let them? Steemit def needs more user friendly security as soon as poss, otherwise as this platform increases stories like this will
increase tenfold as less web savvy users sign up and it will bring the platform into disrepute. Good luck! Upvoted and resteemed.

I'm very sorry to read this. I hope you can recover soon. I also think this a wrong doing. Our profiles have a lot of work.

I did a little investigation on this domain:


Created On: 2017-10-09 Expiration Date: 2018-10-09 Last Updated On: 2017-10-09 Registrar: GoDaddy.com URL: http://www.godaddy.com Registrant: Name: Ned Scott City: New York State: Ciudad de Mexico Country: Mexico
So the guy is very funny by putting @ned's name as a registrant. I will keep myself asking to godaddy's team support if there is a way to get a real name and email. He may have a credit card linked, or PayPal account, in order to buy this domain. As soon as I get any info I will let you know. STEEM ON!

Thanks so much for looking into this and sharing what you have learned! Kinda funny to use Ned Scott City as the name. Not so funny what they are up to. But we will get them off this platform one way or another.

TOGETHER WE ARE STRONGER!!

Thanks again for your support :)

I did what I could so far. I have reported the phishing website to godaddy's team support. They have a section where people can reports about this kind of websites.
In other news, some weeks ago I have installed this tool ethaddresslookup I use it to check ethereum addresses but just now I've realised that it works also, for phishing websites. As I have it within my Chrome Browser, as soon as I tried to look at this "hacker" website shows me a warning, so I recommend you try this kind of tools too.



source

I will do my best in order to help with this.

By the way I could notice a "downvote" on the answer you just gave me. This account: @accounttransfers gives you a downvote. If you check its transfer section you can see how this account is "hacking people too"
So let's stay away of this website too: LSTEEMIT.COM looks like they are part of the same robbing organisations.

I think this requires a follow-up post asap:

Screenshot-2017-10-10  samstonehilltube.png


Screenshot-2017-10-10  samstonehill.png

I just noticed that @flauwy... seems a bit suspect. Also pondering where a "test" transfer to @chron fits into the picture.

Bumped this up the comment list a bit, but my vote isn't worth that much... @samstonehilltube some odd activity is still going on....

It's all good my friend. In case you missed the news, I'm back in. The transfer to @chron was just to make sure everything worked right!

Still playing catch-up on all these lovely comments :)

Oh, it was just a test! Well, I guess we can all rest easy with @accounttransfers on the case /s

dam that really sucks. I'm here because I got a message in my inbox wallet .
I read this after I already posted a warning blog post. I resteemed your post.

tip! post

steemit scam alert.PNG

OMG, this is tough my friend - hope you still get it back somehow, their must be a change for the registration indeed, also an option for existing account to create / edit their security settings (or are their security settings)? Getting back later to you.

I think there may be a way but it would have to be a special circumstances kind of situation... which I am hoping this is!

Let us see how it plays out.

Remaining as optimistic as I can :)

Thanks for your support Uwe.

Sorry to hear that! Resteeming this so others woudn't fall in trap. It is little bit sily that Steemit can't stop payouts from hacked account. Followed you on second account.

Thanks. Really appreciate your support :)

Followed the first account and now I'm following this second account...sorry to hear about the scam but thank God for the @charitysteemit account you were able to transfer the donations. I know you will recover very fast because you have lots of friends here who really cares, we will outnumber the scammers. God bless you sir!

Thanks for following both accounts! Though for now there is only one.

Let us see how this pans out...

Yes, and it was certainly lucky that the last transfer I made out of the @samstonehil account was this donation money.

Many thanks for your kind words and support. In a way, I am looking forward to building this new account from scratch. The rep number moves much faster at the beginning!!! :)

I just flagged that accounts last 4 comments - 100% - hope this helps lower this scums rep even more

Perfect! Thank you. Though apparently the hackers aren't happy now.... That they are flagging all my new posts from my old account!

Sent a THIRDS DONATION @samstonehilltube

Keep STEEM N ON

I just saw that now. Thank you so much! You are amazing and I will have to write another post about the awesome generosity of some of the people on this platform.

I am eternally grateful and if there is anything I can ever do for you... you only have to ask :)

Now your old account is being used for scams. Privacy is a double edged sword. So also is the concept of freezing accounts. If you want that, you have banks. I created a website for people to sell files for steem dollars. www.steemfiles.com.

The biggest security flaw in Steemit are the users. If they limit Steemit to veteran bitcoin users, then this would not happen. But that is not what Steemit is for.

This is really unfortunate. Steemit needs more user friendly security, otherwise as it will bring the platform into disrepute.

Thanks so much for your support 🙏🏻

This is why you should always use the posting key! Logging with the master password should display huge warnings in the steemit.com interface!

You are so right! That would be a much safer system. I hope the right people read your suggestion here.

Many thanks for taking the time to comment & support me in these testing times.

I am sure the platform will improve as a consequence.

as I saw this happened with his account I tried to do so, but don't get it. how do I log in with the posting key? can you explain or lead me to a post? would be awesome. thanks

So @samstonehilltube, I read through your post and i will resteem of course and I must tell you that i have this gut feeling or intuition that you will find the email address and password you used. Think back at the time you first joined steemit, what else were you doing at the time? I am wishing for a miracle and I will send you a little gift. Hang in there friend, you had a lot of momentum on that account and you have a lot of people that enjoy your quotes and beautiful photos and appreciate you and your family.
BLESSINGS

You are amazing 🙏🏻 I've just looked in my wallet and wow! Thank you from the bottom of heart not just for this but for all your beautiful words and support over the months.

I believe this will be resolved one way or another. At least now I can afford that hypnotist! Though it is my belief that Steemit Inc will read my emails sent this morning and find some kind of resolution.

Two things have already changed which will help this platform grow stronger.

  1. The wording in the registration process now makes it 100% clear that the email address used to confirm the account needs to be recorded for situations like this.

  2. A bot has been created by @arcange to send wallet messages to anyone who receives a wallet message from a known scammer.

Meaning that in future this won't happen to people as it happened to me.

And the scammers will have to look elsewhere to get their money!

So, all is good :)

Thank you again & massive huge hugs to you from my family & I :)

Luna.png
Esteban.png

Kisses to them both Sam, Esteban have grown so much. All will be well sooner i hope.

Oh, nooo! You have to build up your Steem again, from the beginning! But it will be easier! I know you'll never give up! We are with you!

You're right about that! I will never give up doing what I love... steem or no steem :)

Thank you for your support 🙏🏻

Uhmm interesting @samstonehilltube. Haha, Did you notice that your hacked account has been Upvoting your comments?

Ah! The Irony!! ;)

I hadn't noticed that! Weird. They are probably hoping to make money off anyone who votes after them. Or perhaps put people off from voting for my comments!

Apparently they don't like me very much as they are also intentionally lowering the payout of this post by using my own steem power against me with a flag.

I took this screen shot earlier today when I noticed my downvote in there.

Screen Shot 2017-10-10 at 11.10.00.png

sorry to hear that , but thank u very much to share ur mistake with us , i leant a lot from u my friend thanx, im following u back again , hope u will get better sooner

Thank you. I believe everything happens for a reason! And am really happy to see that there have been some changes make to Steemit already which will ensure this won't happen to other people :)

And I have been completely stunned by people's generosity!

You should never store any large amount of crypto currency in an online wallet. When you keep your crypto on a website (like in your Steem wallet or on an exchange) it is always susceptible to attack. I learned my lesson by getting bitcoin ripped off in the infamous Mt. Gox debacle- I don't even want to think how much it would be worth today.

You need to have a wallet ON YOUR OWN COMPUTER. I use Bitcoin Core. Keep that computer TURNED OFF unless you are using it to transfer crypto. Do not use it for routine stuff like posting or surfing the web. Use another computer for everyday tasks. Since you can buy a decent secondhand laptop for less than $300, if you have more than $300 of crypto you need to have a dedicated computer to store it on.

Steemit can't do it all. You must be smart with your crypto. Obviously the above is regarding crypto that you consider savings. Keeping your Steem in your Steemit wallet so that you can have voting power is another thing altogether. As far as I know, there isn't any offline "cold storage" Steem wallet. So until and unless there is one, all Steem is inherently insecure.

Hi bro, i am really sorry to hear bout this misfortune especially to you having noble thought. I have upvoted, resteemed and started following your new account.
I know its not going to be easy but always remember that, the hackers have only taken a very small portion of your contribution. Look at the brighter side that your Intellectual Property (IP) which is your most valuable asset is still with you. And always remember bro, when you are working on a noble job, there will always be an invisble hand helping to pull you up. I am not sure if you are a believer in that but, He would never let you down. So, cheer up buddy, take some deep breath and a good rest and re-steem your self for a new journey thru this new site.
Thanks to @exyle for sharing a post bout your misfortune.

It seems this event will mostly serve to make our platform stronger.

Two things have already been changed:

  1. The wording in the registration process now makes it 100% clear that the email address used to confirm the account needs to be recorded for situations like this.

  2. A bot has been created by @arcange to send wallet messages to anyone who receives a wallet message from a known scammer.

Am breathing deep in this moment & feeling the perfection of NOW.

People have been unbelievably generous. It's truly heart-warming.

Thank you for your support :)

Hi @samstonehilltube ! Its crazy what just happend to your account... The funny part is that i'm new and i was looking for you cause i used your video on youtube to know hiw to start with it. I just upvoted you and now i follow. Yake care!

Many thanks for your support. All sorted now thank goodness :)

One of the great post. Thank you for sharing.

thanks for your support :)

That is so frustrating. I cannot imagine how you must feel, the loss and violation. I commend you on your attitude and balanced perspective.

Thank you for your lovely words of support. I can't say it has been easy. But now that I have accepted it, I am able to move forward again with a smile :)

Thanks for your support here :)

I am sure I will look back on this event and smile in the not too distant future. Everything happens for a reason.

Damn, I had reported this to steemcleaners a few days ago. Wish there was a way to nuke such spam accounts.
Really terrible, but the 'l' in front of 'steemit' in the url plus it not being https is a dead giveaway.
Sorry for your loss, and wish you the best of luck!

Indeed, now I am not in a hurry and not so tired... I can see what a stupid mistake I made.

But I do believe this event will create measures to prevent this situation from happening in the future.

Yikes! Sorry to hear that, Sam :( What URL did you access that phished your password? Also, how were you able to track the hacker to that account? Is it the one included in their transfer memo to you?

I'm sure you're going to be able to get back what you've lost, and then some! Have faith!

Thank you my friend. I still have faith. And I am sure in time all will be well...

I used the url given to me in my wallet. And I feel pretty dumb right now for having fallen for their trap.

But many lessons have been learned and it will only make this platform stronger in the end :)

Don't beat yourself up about it too much. Even the best of us fall victim to those things at least once. At least what they took is something you can earn back. From the looks of things, you're already off to a great start! No losses, only lessons.

couldn't have happened to a nicer person! So sorry to hear. I've voted on every comment too! Maybe this is a sign to come to England we can make videos together!

haha! Funny you should mention that.... I had a rare moment of freaking out yesterday, in part because I hadn't written this post yet and wasn't feeling too much support. Just a rather angry missus! And yes, I said we would move to London and re-connect with my many friends there. It is a city in which I know I can make money if I need to.

But now that I am calm again I am not sure this is what I really want right now.

The latest plan is to spend 4 months of the year in Europe. When it is warm there! Sabrina's mum isn't well and needs our support, so we will live between france & england in those 4 months each year...

....and you and I are going to get very active on the Steemit front, kickstarting London like never before!

Thank you Danny for your lovely email and your upvotes & support. Am still smiling from ear to ear in the way the Universe brought us together :)

Well if you need a nurse or a nanny, I could tag along?

Yes, we do need a nanny!!!! Tag along by all means :)

Sorry to hear that Sam. Follow you here and resteemed :-)

Thanks for your support my friend. I still have a little hope for the old account. But even without this, it doesn't matter. I will never stop posting on this awesome platform :)

Your old @samstonehill account is now sending another pishing link. I so sorry to hear that bad news. I hope you will recover from your lost as soon as posible.

Yes it's pretty tough for me to look at the account as it is now. A deep breath and I focus my mind on happy thoughts :)

The harderst part is knowing that the next power down is in 6 hours from now... and there is nothing I can do about it. 400 STEEM I need to support my family of 4.

The generosity of this platform has been unreal though. Just take a look at the donations in my wallet which came in today.

I am going to write a post about this next. The Steemit community really is amazing :) There is no other community like this one.

sorry for the shitty news.. I unfollowed your account and am now following your new one..

Thanks for your support my friend. And for the re-follow :)

I believe one way or another it will all turn out for the best in the end...

That really sucks . I am a newbie so that is a bit worrying . I sent bit coin , I am glad it is being used for the charity. Thanks for alerting us. Lets all make sure everyone knows how to protect themselves on steemit.

Nothing to be worried about. Events like this serve to highlight problems which devs then find the solutions to.

Two things have already changed which will help this platform grow stronger.

  1. The wording in the registration process now makes it 100% clear that the email address used to confirm the account needs to be recorded for situations like this.

  2. A bot has been created by @arcange to send wallet messages to anyone who receives a wallet message from a known scammer.

Ensuring that scammers will have to look elsewhere to do their dirty work.

Btw, did you get the welcome email from steemit asking to confirm your email address? I just checked and found mine.

As I said in the post I tried to be clever by setting up an email address specifically for the purpose of confirming the account. And haven't used it since. And didn't write it down! So, the combinations of names, passwords and email providers is pretty endless. I tried for two days and found nothing.

So I decided to move my attention and write this post, which I hope will help others :)

Thank you for your support at this testing time 🙏🏻

I do believe it was some twisted manifestation Mr Stone-Hill!

haha! Yes, perhaps my ego did get the better of me a bit there.

And most likely made them think I had lots of money...and therefore wouldn't care about the $3,500 they are currently stealing.

Thanks for your support bro. Come over for a drink any time! I don't get too much male interaction around here now that @jockey is gone.

I just meant "the end of all my posts" thing, It was for that account for the time being anyway. Yeah I will give you a shout sometime but if you go to the BTC exchange also then let me know, I'm sure it's not rocket science but I want to just see how the transaction takes place, you'll be skipping along there in no time with all the support!

Ah, I get you now! haha! Every end is a new beginning :)

Jangan terlalu sedih @samstonehilltube !

Although I am sad reading this post! I hope Sabrina is calmed now.

Shitty people out there for sure

Upvoted, not much, but it's a start

Di tunggu blog selanjutnya😊

Makasih :)

Everything will be fine in the end.

I appreciate your support 🙏🏻

That's the spirit @samstonehilltube

Semangat!

I see that twat that stole your account has posted on many other people's wallet messages trying to get their information. They are also using YOUR old account to send these phishing messages now! Can anyone on the steemit team ban this person? I also resteemed your post for awareness.

It is being looked in to. I am sure they will find a solution. They have already changed a few things :)

It's all good. Lessons have been learned and solutions are being put in place.

Two things have already changed:

  1. The wording in the registration process now makes it 100% clear that the email address used to confirm the account needs to be recorded for situations like this.

  2. A bot has been created by @arcange to send wallet messages to anyone who receives a wallet message from a known scammer.

Thanks for your support :)

sam. i am fairly new here and i am sorry this is the way we get to meet. in two posts i have read just today, i have seen a steemian give someone a ride and a twenty dollar bill when they needed it, and the steem community helping someone pay for medical care for something they have needed for 15 years. i have voted and followed. just my small token. if what i have seen just today is any indication, i have full confidence that the people of this community will not let you down.

You are right about that my friend. This is clearly one of the most amazing communities on line. I am blown away by the generosity here. And despite current circumstances, I have high hopes for the future :)

Feeling very sad for you. Resteemed and upvoted all your current posts. Fingers crossed for the hypnotherapy!

EDIT - Although I'm saddened and appalled at the actions of this person / group of people, I'm not really surprised. There are many greedy people out there. But what really shocked me, oddly, was that he then flagged you. That's just plain mean, nasty and petty, using your own money to reduce your capacity to build back up.

Yes, I have to admit that was pretty low. Though in truth it actually made me laugh. Sometimes we just have to look at the funny side of things!

Many thanks for your support :)

Oh wow, that is terrible!! I'm so sorry for this experience you're going through however the positivity that you're still showing is truly amazing. We've got your back man :):)

In this moment I really do feel like the whole of Steemit have my back :)

Thanks very much for your kind words and support.

We Are With You Dear Don't Worry Never Give Up

Many thanks for your support.

It is greatly appreciated at this time :)

Sorry to hear about your problems. Resteemed Upvoted. Donated. It will take you nothing to get back to your 70 rep status. Thank you for trying to help the people of Bali.

You are a legend! Thank you so much for your generosity. It really warms my heart to see how the community have responded to this. And this subject deserves a post of its own!

Please just ask if there is anything I can ever do for you :)

I am not a legend, still new here. I like @mammassita, and she likes Bali. You were trying to help the people of Bali, to try and bring a little bit of light into the dreary days of evacuation, all I did was give a few SBD that I had, You are the Legend, You helped, all I did was donate a tiny amount. Thank you for what you are doing.

hmmm maybe @ned and some of the whales can flag him to -28...
Upvoted , resteemed!
Namaste!

I would imagine it won't take long before he is flagged off the platform. Just wish it could happen faster!

Many thanks for the support :)

What about apps like steepshot that ask you for your private keys? Can that be trusted?

I am not sure about the answer to this question. Do a post on it. The community usually has the answer ;)

This breaks my heart! I hope they can help you recover everything some how :(

You are such a star! Thank you so much for your donation! This was not expected at all and I have been completely blown away by the generosity of this community :)

I also hope they can recover it but am mentally prepared now for the worst case scenario.

Thanks to people like you, the blow has been softened greatly :)

If there is ever anything I can do for you, please just ask!

it makes me very sad to hear what happened to you. I hope you recover very soon from this loss. I shared your customer so that it does not happen to others. Steem on brother.

Not to worry brother. This won't stop me. Steemit is too awesome to leave behind because of this.

I still believe everything will work itself out in the end.

Thanks for your support 🙏🏻

welcome my friend....

Really sorry this happened. Upvoted and resteemed. I hope you can get quickly back on track.

Thanks for your support here! Feel like I already am back on track with this new account :)

But still keeping my fingers crossed that somehow they are able to recover my old one!

Really sad to hear your story my friend !
Be strong and patient ....You will rock again !!
Best of luck dear friend !!!
Thank you so much for sharing this story here. It gives a good lesson to we all steemians .

Thanks very much for your support. It is massively appreciated.

Let's see how this plays out, but I am sure in the end I will look back on this and smile :)

Thank you so much for your reply !
All the best my friend !!

Thanks for your insights! I'll immediately check if I have all the information stored and start blogging with one of the less mighty keys.

I wish you all the best that you recover soon from your loss (mentally and financially). One way to get over bad experiences is fasterEFT. (Just if nothing else helps, tapping fasterEFT style you can switch your memories and go on as a happier you!)

Greetings from Vienna !

That's actually a very good idea. Just use your posting key instead of your master key. If someone gets hold of this, all they can do is make posts from your account! And you can change that key with your master key. A valuable lesson learned for all.

Many thanks for your kind words and it is curious that you mentioned tapping. I started doing this two months ago to deal with my nightmares... which are now gone! So have moved on now to release and let go of a whole bunch of things.

For the last few days it has been about the release my fear of not having any money and also to release my very old belief system that I have a terrible memory! Thought this would help me remember my email address I need for the account recovery. No luck yet, but I will keep you informed...

Many thanks again for your support and greetings from Bali 🙏🏻

Congratulations that you found tapping for yourself! I guess it were your words about getting over losing the money, that made me assume that you would be open to it. :D
Oh yes, the fear of having no money is actually also a big one for me too. Thanks for reminding me to work on that one.
I'm looking forward to hearing more about your tapping successes. In fact, I'm planning to write about my fasterEFT tapping journey here on steemit, but I'm not sure, if I'll translate everything to English or stick to German.

Anyway, I'm sure somewhere in your brain you'll find the information about your email-address. Just take a shower, go swimming, have fun at a party and it will suddenly show up, when you expected it least. :D
Greetings from Vienna!

So sorry to hear that your account been hacked..when you been helping your fellow Balinese community..
Such kindness been paid with hacked acc.
But...dont worried too much or think about it..
You gain your rep and loss in no time..
As my sister once said to me when i laid motionless in ICU and been revived twice years ago.."God work is so mysterious and always see the good thing in everything even the bad thing"
Blessed you mate...

Many thanks for your lovely supportive words!

And I do believe you are absolutely right. There is always good which comes out of bad. If one chooses to focus on the good ;)

Thanks again for your support at this slightly testing time 🙏🏻

Your welcome mate..
Feel free to stop by at Sabah next time..
Loadsss of awesome place for your time lapse..

And...if you need help for your charity at Bali..i got a few Kiwi friends residing there also..
Worked for Fauna & Flora International. Ecosystem Impact.
They been there since the Tsunami..

I am glad you believe that the time will come when this would just make you smile because it would have already made sense to you. I made a mistake 13 years ago and I'm enjoying the fruits of that mistake now. It might take years but it will come so don't let go of that thought.

Also, your page @charitysteemit still says 'contact @samstonehill'.

Ah, thanks for pointing this out! I will have a look at this right now....

Yes, I have experienced many things in my life which at the time felt very bad, but ultimately led me to exactly where I needed to be. And it seems to me this is no different.

Just have to stay focused on all the good stuff :)

Many thanks for you support 🙏🏻

Wow, that's really upsetting. So sorry that happened. At least you still have your lovely family and your health. Will be following you more closely for now on. -Dan

You know it my friend. We are all happy and healthy! And what more could I want from life?

When I am not focused on the past or future only one thing remains.... this moment is perfect :)

And the generosity shown by the Steemit community around this situation has brought tears to my eyes.

I will never give up on Steemit :)

You're an inspiration to us all!

Sad that this happened ... I was not aware of the security issues associated with using the master account and why there are "child" passwords with different ACL.

Thanks for your support here.

Not sure what you mean by child passwords?

Not sure what you mean by child passwords?

just meant that passwords with lesser access rights like post only, read only etc.

holy christ that is terrible... it is these kind of one-time security lapses that I think will prevent Steemit from really taking off. i'm a noob, but it seems so damn fragile. thanks for your post / upvoted

These events make the platform stronger. They actually need to happen in order for the devs to to see the cracks in the armour and fix the problems. Things will change because of this. Trust me. They already are ;)

Thank you for your support at this difficult time :)

Oh man. Sorry you had to go through this!

That which doesn't kill us makes us stronger ;)

Many thanks for your support.

I am so sorry to hear about this! Sadly, all I can do is unfollow that account and follow this one. I also flagged two pending posts there that still have some payout pending.

I hope you manage to rebuild your status quickly on this account!

Thanks for doing the right thing with the flagging... as much as it breaks my heart to see!

Everything will be alright in the end and I am determined to continue enjoying every moment I spend here on Steemit :)

wow how bad is this?! I feel very sorry for you man. it must have been such hard work to build that account and its all gone in seconds. hope you can stay positive and grow fast again.

Thanks for your support. Your words mean a lot to me. It wasn't so easy at first but I am feeling much better now thanks... and who knows? I may yet somehow get the account back :)

that would be the best. is there still a chance to get it back?

And if you still try to regain control of the mail? Somewhere in the browser this mail could have survived, it is necessary to contact a computer expert.

Trust me. Tried everything. I cleared the browser history for some reason the month after I joined!

I believe it can be resolved another way now. Just hope Steemit permit me to use an alternative method to prove I own the account 🙏🏻

Many thanks for your support :)