Hacking continues @samstonehill level 70 ACCOUNT was fooled, Don't be next

in steemit •  7 years ago 

Steemains still getting fooled.


The user that got his account stolen, made a good post about the hack under a new account, you can find it on his new account Here

The run down


If you see this memo in your wallet please disregard.

ACCOUNT BLOCKED: We have detected unauthorized activity in your account. Your account has been BLOCKED for your protection. Please Contact Account Security: ttps://security-steemit.com.mx/account-security-contact

Never ever ever send your master key to anyone not even @ned

This is what the account looks like atm. It is sending messages to everyone, with the memo above.


The Fake site/link


If you happen to check out the link beacuse you are brave enough, This is what you will see

Couple weeks back there was a huge hack on many accounts @keyhunter found keys in memos and posts and locked those down and sent a memo to reset the account with account recovery.

Do not be fooled, Steemit is decentralized and there is no blocking of accounts no matter what, there is muting, flagging but no banning or blocks.


Keep all your keys safe! Never use your master key no matter what.

It looks like the orginial account holder has lost 3K in Steem, Liquid funds from this post will be sent to him to help recover.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

This

Thanks for sharing this @zeartul. So far I will be in touch with the godaddy team support (as I'm member I may find something). I have checked this domain and it is been registered using godaddy. The info you may find, using a whois lookup will be this one:


Created On: 2017-10-09 Expiration Date: 2018-10-09 Last Updated On: 2017-10-09 Registrar: GoDaddy.com URL: http://www.godaddy.com

Registrant:
Name: Ned Scott
City: New York
State: Ciudad de Mexico
Country: Mexico


So the guy is very funny by putting @ned's name as a registrant. Well as soon as I can get in touch with them I will ask them how can we know this guy real name and address. He may have a linked credit card when he bought the domain. As soon as i get more info I will let you all know. IMHO this kind of people are very bad. I know how hard it is for many of us to get some reputation and gain our rewards by posting. This is why I'm here to help.

Godaddy will and cannot provide you with this information without a court order.
You used to be able to determine the owner (and registration address) of a domain name, but that was removed because of people getting threatened, harassed and attacked.

All we can do is stay vigilant.

Thanks for answer @rmz. Even that they won't give you any info, they allow you to report any suspicious activity within a website registered under their services. This is what I did some minutes ago.
So let's see what happen now.
In other news, feel free to check this out. A Chrome extension ethaddresslookup I have it installed and just now, I've realised, it works warning you about phishing websites:



source

So I guess it may be helpful in our "fight against Steemit's Crime organisations"



source

Not as much a "hack" as this is social engineering users into giving up their credentials.

  ·  7 years ago (edited)

I used to think if there is https, it is secure. Can you explain please how he got hacked?

It wasn’t truly a “hack” so there’s still no technical security vulnerabilities to worry about at the moment. It is a rash of “phishing” scams Steemit has been seeing. The user was tricked into giving his password to someone posing as “Steemit security.” So don’t worry too much about logging in. But best practices are still to only go to Steemit through a valid bookmark you’ve created so as not to be fooled by a duplicate site an external link may direct you to, and log in with your posting key. Only use owner/master keys when dealing with funds & account management.

@libert https only secures your data during transit and prevents prying eyes to intercept that data. However this is a phishing site meaning the destination of your data is malicious. Once you input your details including your keys or password, this will be sent to the scammer.

That's what I wanted to know. Thanks.

Thank you, great tips.

I am afraid of hacking

Reblogged this so more people could see. Ive seen other people posting and asking about this as well. What is being done to improve account security.

Nothing. This is social media for grown ups.
Everyone needs to look after themselves, understand the basics, and be smart with their passwords.

Important news...i will resteem this news

Paranoia starting to set in!

WOW!! I didn't know about this, thanks so much. Upvoted, Resteemed, and you have a new follower.

Thank you for the heads up. I'm new and probably would have fallen for it, upvoted.

thank you for share information.

This is awful! Can't he recover the steem power? That can' t be withdrawn immediately. There must be something that can be done.

Bummer to get caught out by this - resteemed. Hope we're not gonna this this kinda thing on the rise. Makes one think Steeemit really needs a dedicated 'Public Service Announcements' of some kind, or is there already some kind of PSA?

Wow that's a super big heads up for everyone. Thank you for the heads up! Everyone should see this. Upvoted and resteemed!

Thank you for sharing info you save me.

Thanks for sharing, Ive save master key and no share to anybody

Thanks! Good looking out. I have not heard if this. 👍🏾

It seems like the hacker don't give any sign of stopping

Thank you very much for sharing @zeartul.

Always check the url. There are two red flags here that indicate it is not a legit steemit.com address:
security-steemit.com.mx

Seriously. If you click on a Mexican TLD for an american company and expect to go somewhere safe? Well you kind of get what you ask for.

Wow.. crazy. Thanks for the warning!

DQmS4Qbni8nf1EpSnCLVU1pS22rZaSurP7wXRiNkeHYbixZ.gif

I see that this platform interests scammers more and more often. Not surprising. Be careful!

Can't we get some whales to downvote this account and remove it's reputation? That may stop some future bad experiences.

The @samstonehill account is busted, there's no way to get that back, we can only try and stop this from happening.

@royrodgers has voted on behalf of @minnowpond. If you would like to recieve upvotes from minnowponds team on all your posts, simply FOLLOW @minnowpond.

        To receive an upvote send 0.25 SBD to @minnowpond with your posts url as the memo
        To receive an reSteem send 0.75 SBD to @minnowpond with your posts url as the memo
        To receive an upvote and a reSteem send 1.00SBD to @minnowpond with your posts url as the memo

Oh boy. Shame.

This may be a sign to always to keep your liquid STEEM and Steem dollars to a minimum. Power Up maybe?

This way if ever hackers do to get into your account, you have 13 weeks to prevent the power down and that the stolen (liquid) valuables are only kept to a minimum.

Just my two cents.