Steemains still getting fooled.
The user that got his account stolen, made a good post about the hack under a new account, you can find it on his new account Here
The run down
If you see this memo in your wallet please disregard.
ACCOUNT BLOCKED: We have detected unauthorized activity in your account. Your account has been BLOCKED for your protection. Please Contact Account Security: ttps://security-steemit.com.mx/account-security-contact
Never ever ever send your master key to anyone not even @ned
This is what the account looks like atm. It is sending messages to everyone, with the memo above.
The Fake site/link
If you happen to check out the link beacuse you are brave enough, This is what you will see
Couple weeks back there was a huge hack on many accounts @keyhunter found keys in memos and posts and locked those down and sent a memo to reset the account with account recovery.
Do not be fooled, Steemit is decentralized and there is no blocking of accounts no matter what, there is muting, flagging but no banning or blocks.
Keep all your keys safe! Never use your master key no matter what.
It looks like the orginial account holder has lost 3K in Steem, Liquid funds from this post will be sent to him to help recover.
This
Thanks for sharing this @zeartul. So far I will be in touch with the godaddy team support (as I'm member I may find something). I have checked this domain and it is been registered using godaddy. The info you may find, using a whois lookup will be this one:
Created On: 2017-10-09 Expiration Date: 2018-10-09 Last Updated On: 2017-10-09 Registrar: GoDaddy.com URL: http://www.godaddy.com
Registrant:
Name: Ned Scott
City: New York
State: Ciudad de Mexico
Country: Mexico
So the guy is very funny by putting @ned's name as a registrant. Well as soon as I can get in touch with them I will ask them how can we know this guy real name and address. He may have a linked credit card when he bought the domain. As soon as i get more info I will let you all know. IMHO this kind of people are very bad. I know how hard it is for many of us to get some reputation and gain our rewards by posting. This is why I'm here to help.
Godaddy will and cannot provide you with this information without a court order.
You used to be able to determine the owner (and registration address) of a domain name, but that was removed because of people getting threatened, harassed and attacked.
All we can do is stay vigilant.
Thanks for answer @rmz. Even that they won't give you any info, they allow you to report any suspicious activity within a website registered under their services. This is what I did some minutes ago.
So let's see what happen now.
In other news, feel free to check this out. A Chrome extension ethaddresslookup I have it installed and just now, I've realised, it works warning you about phishing websites:
source
So I guess it may be helpful in our "fight against Steemit's Crime organisations"
source
Not as much a "hack" as this is social engineering users into giving up their credentials.
I used to think if there is https, it is secure. Can you explain please how he got hacked?
It wasn’t truly a “hack” so there’s still no technical security vulnerabilities to worry about at the moment. It is a rash of “phishing” scams Steemit has been seeing. The user was tricked into giving his password to someone posing as “Steemit security.” So don’t worry too much about logging in. But best practices are still to only go to Steemit through a valid bookmark you’ve created so as not to be fooled by a duplicate site an external link may direct you to, and log in with your posting key. Only use owner/master keys when dealing with funds & account management.
@libert
https
only secures your data during transit and prevents prying eyes to intercept that data. However this is a phishing site meaning the destination of your data is malicious. Once you input your details including your keys or password, this will be sent to the scammer.That's what I wanted to know. Thanks.
Thank you, great tips.
I am afraid of hacking
Reblogged this so more people could see. Ive seen other people posting and asking about this as well. What is being done to improve account security.
Nothing. This is social media for grown ups.
Everyone needs to look after themselves, understand the basics, and be smart with their passwords.
Important news...i will resteem this news
Paranoia starting to set in!
WOW!! I didn't know about this, thanks so much. Upvoted, Resteemed, and you have a new follower.
Thank you for the heads up. I'm new and probably would have fallen for it, upvoted.
thank you for share information.
Wow that's a super big heads up for everyone. Thank you for the heads up! Everyone should see this. Upvoted and resteemed!
@royrodgers has voted on behalf of @minnowpond. If you would like to recieve upvotes from minnowponds team on all your posts, simply FOLLOW @minnowpond.
To receive an upvote send 0.25 SBD to @minnowpond with your posts url as the memo To receive an reSteem send 0.75 SBD to @minnowpond with your posts url as the memo To receive an upvote and a reSteem send 1.00SBD to @minnowpond with your posts url as the memo
This is awful! Can't he recover the steem power? That can' t be withdrawn immediately. There must be something that can be done.
Thank you very much for sharing @zeartul.
It seems like the hacker don't give any sign of stopping
Thank you for sharing info you save me.
Always check the url. There are two red flags here that indicate it is not a legit steemit.com address:
security-steemit.com.mx
Seriously. If you click on a Mexican TLD for an american company and expect to go somewhere safe? Well you kind of get what you ask for.
Bummer to get caught out by this - resteemed. Hope we're not gonna this this kinda thing on the rise. Makes one think Steeemit really needs a dedicated 'Public Service Announcements' of some kind, or is there already some kind of PSA?
Thanks for sharing, Ive save master key and no share to anybody
Thanks! Good looking out. I have not heard if this. 👍🏾
Wow.. crazy. Thanks for the warning!
I see that this platform interests scammers more and more often. Not surprising. Be careful!
Can't we get some whales to downvote this account and remove it's reputation? That may stop some future bad experiences.
The @samstonehill account is busted, there's no way to get that back, we can only try and stop this from happening.
Oh boy. Shame.
This may be a sign to always to keep your liquid STEEM and Steem dollars to a minimum. Power Up maybe?
This way if ever hackers do to get into your account, you have 13 weeks to prevent the power down and that the stolen (liquid) valuables are only kept to a minimum.
Just my two cents.