Question to Experts on today's incident - Phishing Attacks

in LeoFinance2 months ago
@arcange recently made a post about HIVE account recovery in case you forget your password or your account is hacked, and who you should trust with password recovery. You can see his post at the link below.

https://leofinance.io/@arcange/account-recovery-about-trusting-and-not-being-trusted

Well, this is now my big question to the experts that they need to answer. Because what I know is only thoughts and ideas that come from what I read and from what I know from other people and from my studies. And because of this incident, I know this is also the question of the victims of the person who did this to our HIVE account.

I appreciate @gillianpearce's suggestion. Let's start the question...

QUESTION:

Question to experts like @arcange, @blocktrades, and @khaleelkazi and to whom it may concern.

1. Is it possible for hackers to get our HIVE and Leofinance password even if it has a HIVE SIGNER private password? Please explain how and why?

2. How can a hacker get the HIVE wallet password to transfer the amount from our wallet to his wallet without permission? And what should we do?

3. Is there a way to get back the amounts he got from the people? And what should be done to prevent such incidents?

Now, many are waiting for your response for the safety of our accounts. Hopefully, at least one of you will comment and answer the questions for the reassurance of the majority.

Thank you...

Posted Using LeoFinance Beta

Sort:  

That is indeed worrying. If it is not one of the app on HIVE that you give permission to then maybe it's from Steem from long ago? Are your keys on HIVE the same as the one on STEEM?

Maybe I should also change my keys now just to be safe.

Nope it's not. I did change it when we divert here in HIVE from Steemit. I did change my password many times, I think in 1 year is 3x. Then this is what happens after.

Posted Using LeoFinance Beta

Q1:
Consider a hacker who obtained your HiveSigner password. It will only be able to broadcast transactions to the blockchain if you have imported your posting or active key in HiveSigner. But he won't be able to access the keys themselves. This also applies to your password which is not stored in HiveSigner. That being said, I'm not a fan of HiveSigner.

Q2:
The hacker needs your private active, owner key or Hive password to be able to perform transfers. There are many ways to obtain this information. It's up to you to be vigilant and not to communicate them.

Q3:
Simpler answer: NO

Conclusion: be careful, never provide your private keys to anyone unless you are 100% confident it is safe to do so and even in that case, always perform a double check.

!ENGAGE 20

Posted Using LeoFinance Beta

Thank you for your engagement on this post, you have recieved ENGAGE tokens.

Thank you so much to your answer... I admire you, because you are willing to answer questions like this. ^_^

Posted Using LeoFinance Beta

Thank you for this information @arcange.