WARNING: Phishing is Back!
DO NOT click on any links in comments. Phishing is back on Steem.
Do not use your active key or password in any website. Use your private posting key only.
If your account was created by Steemit (@steem), there is currently no reliable way to recover your account.
How does it work?
You will likely see comments and posts with threatening or attractive links. Ignore them. Don't click! This is a common phishing ploy and over 1000 accounts are currently under phisher control. Some of them you may know as former friends. Whatever you do, do not click on anything.
The links look like they belong on Steemit or another legitimate front end but they do not. They take you to a website that looks similar and trick you into revealing your credentials.
Resteem this to get the word out.
More resources:
https://github.com/gryter/plentyofphish
https://steemit.com/phishing/@guiltyparties/phishing-warning-2-0
https://steemit.com/phishing/@guiltyparties/phishing-messages-faq
Thank you. Resteemed.
Good to know. Thanks.
You can change your recovery account via Steemworld.org
Click account details.
Click Change Recovery account
Sign the transaction with your private owner key.
I'm a little bit wary of using my owner key there. And the Steemconnect link is invalid.
Change keys after you do this if you're that worried. :)
Might have to. Don't want anything relying on Justin Sun providing a service to me.
Could not get this to work, not sure if I missed some step, always used steemconnect.
It takes 30 days for the recovery account to change
Thanks for assistance!
.
Yep! My recovery account is one that I own. Prompted by this very post!
My recovery account is Steem but can I change that without a master key?
.
Oh ok, thanks.
Just who to trust?! ha
Thanks to share here
good to know, scary still
I have a question. What is required to create a recovery account? My first account, this one, was made via Steemit in 2017. I have not seen a private master key for this account and I assume whoever created this Steem account (my Steemit account, @joeyarnoldvn) for me on my behalf has my private master key. According to Steemd, my recovery account is Steem or @steem.
Which keys are required for changing recovery accounts or can I change mine?
If you log into steemitwallet.com you can get your private keys.
Your master key (or password) provides access to all the below
Your posting private key lets you post transactions to the blockchain.
Your active private key lets you transact - power up, send steem, etc
Your owner private key lets you change your recovery account.
Your memo private key lets you read encrypted memos (transfers sent with a prefix of a pound symbol (#)
Hope that helps
Think of this as having different locks to different sections of your house.
No. I've tried many times for years. I've been having this problem for many years now. I used to write articles about this. Based on what I've seen since like 2017, I have not had access to my private master key. I believe I never got it in the first place. I am not new to Steemit. I have made three other accounts and I obtain master keys to two of them and do not have master keys to the ones I made via Steemit as they keep the master keys. My recovery account is @steem.
I'm not sure I understand, when I signed up my account ~3 or so years ago, I did so via steemit.com, and I remember painstakingly writing down all my keys by hand, including my masterkey (password)
I've changed them a few times since though!
Yeah. You might be right. So, it is possible that I lost mine if that is true. In 2019, I created another account via Steemit and did not get a master key. But when I created 2 other accounts via another website, I did get the random twelve words or passphrase similar to what you get for Bitcoin and other cryptocurrencies. So, I saved those master passphrases for those two accounts.
Are you talking about just a password or a passphrase as in twelve random words?
Password. Mine is not a key phrase.
When I created 2 Steem accounts, I got key phrases. It is the same as Bitcoin. And then there is the master password which should be one level under the passphrase.
@holoz0r bit green here but in account recovery what are you changing @steem from to what? what are we changing to exactly? I have all keys safe yes
I don't think @steem needs to be changed.
Well didn't you lose your owner key? I'm wanting to remove my account recovery from steemit because I think that doesn't exist hence the keys but I heard it's possible to do account recovery elsewhere such as splinterlands for example
When I created an account in 2019 via Steemit.com, they did not give me an owner key. Account recovery depends on how your account was created in the first place. I created two accounts via Steemit.com and I created two other accounts via a different website.
well if you didn't get owner key whats the site steemwallets like? or steemworld ? i'm sure a site exists that will let you generate your owner key.. I was given all keys when I created my account in 2016
Did you create your account via Steemit.com?
Yes
Other Websites:
When I created two accounts via not Steemit.com but another website, I got master passphrases which is a level above the private master key (password) and the passphrase is twelve random words similar to how Bitcoin, Ethereum, and other cryptocurrencies do it for their passphrases. When I created 2 accounts via Steemit.com, I did not get master passphrases because I didn't actually make the accounts.
Master Passphrase
Twelve Random Words
Private Master Key
Password code of letters and numbers
Creating or Registering
Because when you register on Steemit.com for example, you are submitting your request to join and a Steemit staff or somebody will pay 3 Steem or a certain amount of money to create the account on your behalf and they retain the passphrase in my experience. I know this because I have Bitcoin and because I created 2 Steem accounts on my own.
Recovery Accounts
So, when you create your own account, then you can assign a recovery account. When you register for an account on Steemit.com, then the recovery account should be @steem and that probably means that the Steem or Steemit Inc account (@steem or whichever accounts that may do those types of things) keeps the master passphrase for each account they create on behalf of the people that joined, that signed up, that registered to join Steem via Steemit.
Accuracy
Everything I'm saying is based on what I've observed based on things I did, since I created 2 accounts, and registered for 2 other accounts. So, I cannot say everything I am saying is totally accurate but as far as I know, this is what I saw and experienced.
Private Keys vs Public Keys
But at the same time, this account, @joeyarnoldvn, which I registered for in 2017, I may have lost my private owner key as I ended up saving my public private key back in 2017 and I kind of didn't know that there were public and private keys or maybe I forgot. So, that was a lesson I learned the hard way I think.
Changing Recovery Accounts
I think I have heard some people saying it might be possible to create and change the recovery account for a Steem account and I have tried to do that a few times and failed via Steemit.com or the Steemit Wallet website. I think I remember it saying I couldn't as I cannot seem to be able to find my private master key (password code of letters and numbers) or my master passphrase (twelve random words). As of right now, I cannot say that I am an expert in all of these things. I may try to investigate some of these things more in the future. I may try other websites, apps, to see if I can better protect some of my accounts. I think two of my accounts I created has this account here, @joeyarnoldvn, my first account, as a recovery account. In the future, I may try to change that as I do not have a master key for this account. Well, unless if @steem could perhaps reset my passwords, my keys. Yes, you can go into the wallet to try to reset the keys but it requires the master key which I think I lost. If Tron Overlord Justin Sun has control over the @steem account, he or other Tron staff could try to lock me out by resetting my keys. Well, I don't know if that is possible or not. But I kind of don't want to find out the hard way.
Hive
The good news is that we can at least try to move over to Hive and leave Steem tomorrow, that is Friday, and perhaps I will try harder to key my private keys saved lol.
Sad to see but I guess we might have a better chance with blacklists and downvotes this time to deal with them then we did in the bull run.
Thank You!
Very Good Info!
👍🏼😁👍🏼
Resteemed
Good looking out as always. Retweeted and resteemed.
At the moment, I didn't encounter such comments. Thank you.
Using Keychain rather than manually entering keys should reduce the risks.
Спасибо за информацию и с праздником вас 8 Марта.
The evil forces are amongst us on the steem blockchain.
Thanks so much for the warning @guiltyparties!
Resteemed 🤗
Thanks for the warning. Resteem
@guiltyparties,
Resteem...Thanks!
This has been around and people should be aware to never click anything that is from an unknown
Congratulations @guiltyparties! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :
You can view your badges on your Steem Board and compare to others on the Steem Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOPDo not miss the last post from @steemitboard:
Vote for @Steemitboard as a witness to get one more award and increased upvotes!
@guiltyparties Two questions if I may.
Where have these evil forces come from all of a sudden?
Did they see opportunities on twitter, or is it something else?
How can we see a list of entities that have our active key?
Thank you for this warning my friend. Upvoted and resteemed!
Passwords:
2 of accounts were made via Steemit and I can confirm that I've not seen master passwords or private keys for those accounts meaning that the master key is probably kept by the accounts that create new Steem accounts on behalf of new people trying to join.
Obtaining Master Keys
I've created two additional accounts via another website and was given private master keys for those two. So, I can recognize the difference. At first, I thought I lost my master key for my first Steem account that I created, which is this one, via Steemit in 2017, but I am pretty sure now that I never got the master key in the first place. I used to ask people about this the past three or so years and I have been confused about the details off and on over the years.
Not Via Steemit
I'm writing all of this for the record to let people know that it would be better to create accounts via other websites. Well, technically, you would need to have a Steem account or at least be sponsored by another Steem account that can create an account for you on your behalf. If you don't do it yourself, you may not get a master key or somebody else may obtain a copy of that master key.
Changing Master Keys
If it is possible to later change your master key, then that might be an option. Making an account on your own might be a bit complex for some people. So, I can understand if people would prefer the easiest way to join or register or sign up possible.
Congratulations @guiltyparties!
Your post was mentioned in the Steem Hit Parade in the following category:
Thank you for the warning!
So what's the reason you are downvoting me?
Can you show me where?
I do apologise my bad
I clicked in wrong place it wasn't my post you downvoted but the Mormon comment underneath
Good on ya!