It was a sad scenario for me yesterday, not just because someone accessed my account and made away with some HBD but because I am still surprised how the person accessed my account.
I logged in around 3:15 pm yesterday and I noticed that my $27 worth of HBD is no longer there. Not quite long, I noticed that there was a swap of 27.990 HBD for 21 HIVE as can be seen below.
At this point, I concluded that my Hive account has been compromised. So, I immediately rushed to Hive-engine to take care of my liquid assets. I had 66 POB and about 11 LEO. I have been in the practice of staking all my Hive engine tokens, so that was why there were only the POB and LEO Tokens left. Luckily for me, they have not been touched, so I staked them immediately, knowing fully well that any staked token takes days to be unstacked. Now, I was prompt to change my Keys. When I was done changing the keys. I returned to Hive-engine and I discovered that my staked VYB and Leo are being unstacked. I had to cancel them.
When I finished securing my account, I started reassessing my past Hive activities. I couldn't pinpoint any activity that could have led to a leak of my account keys. The last activity I carried out that I used my Hive key was on Hive.vote. The key was only my posting keys which have limited permissions.
Nevertheless, I had my Hive keys as a document on my phone and I feel that the hack may come from there or perhaps because my Hivesigner password was saved on my chrome browser, which allowed the hacker to access the password somehow. I didn't lose much but it wasn't a good experience for me.
I enjoin every one of us to be careful with his keys. If possible, always change your hive keys weekly and avoid saving your keys on browsers. It might be difficult to manually input the keys whenever you want to carry out any activity but it is safer. Also, let us be conscious of the kind of permission we give to apps.
I want to thank @mineopoly, @scholaris, and @khoola for reaching out to me and giving me some useful information.
I won't forget to mention that @feruz helped me with the password reset link. Thank you, guys!!!.
Sad to see more and more account hacks going on. It is good that the hackers did not changed the master password of your Hive account, and it is also good that you did not lost any funds from your Hive account. Hopefully nor from your other accounts. I would like to recommend checking your other financial related accounts (if you have any other) to see whether they are compromised or not.
Thanks for the suggestion. I have strengthened all my other accounts
My previous account @sissim has been hacked. I felt as if someone violated my house. I lost everything in Splinterland. It is a long story, however the master key is lost forever. Could you reset your master key too?
Both of these are bad practices. You should not keep any keys on the phone. Nor saved in the browser.
As you say: time to improve your security.
Oh! So sorry about this, I felt your hurts
This is crazy, I have been seeing a lot of hacks these days, I hope it doesn't continue.
Thankfully you have safeguarded your account.
Yeah it wasn't much but I believe is time for everyone to be careful with his or her private keys.
I think it is the main reason I never save my keys anywhere, too risky.
It can still be hacked if your save your keys on the browser or you download malicious app. A lot of measures needs to be put in place. Also , there are certain permissions that we gave to apps that can also harm our account
I guess it is to start taking these measures.
It seems hackers have been rampant lately. Thankfully you were able to secure your account before more was lost.
Yeah. I thank God for it.
That's so bad, sorry about that, thank goodness you're aware about it on time. Stay secured and safe
Omg, I feel sad to know that. This has happened with a few people before also. So, I think everyone here needs to be cautious with this.
Thankfully your losses were not as much and you noticed it just in time, we ought to be more careful these days though.
Thanks for sharing.
Ohh.... Its lucky for you that you can recover your account.