ATTN: Posting Keys May be Compromised on Some Apps-UPDATE UPDATE

in #steem7 years ago (edited)

In the past couple hours we have noticed strange voting behaviors coming from lots of accounts and it seems some app has been compromised.

I have personally revoked all authorized apps on my account until we figure out which one it is.

You can go here to revoke authorization from apps
https://v2.steemconnect.com/apps/authorized

I am sure there will updates later today

UPDATE: Seems that Utopian.io was hacked. So please revoke all posting access to Utopian until fixed

Sort:  

Shout out to @emrebeyler for discovering this:)

Keep in mind if this hack is SteemConnect related, logging in now may put your account at risk as it requires an active key.

I highly recommend changing your active key at this point if you have been in SteemConnect at all just be safe.

I thought SteemConnect is kind of official and there is no chance of compromising our keys there, but man this made me worry :/

SteemConnect is a project of Busy.org and is not a Steemit Inc project. It is likely the most secure option available but it is still a third party with unknown source code.

The code is open source and is available in a repository by the official Steemit Inc. github account (although developed by the busy team as you said) https://github.com/steemit/steemconnect

Good looking out Marky - thanks !

Do you think that Steemconnect could be hacked? I thought it was kinda ultra safe. Do you recommend to change the keys to anyone who's on steemconnect?

Yes, it is very possible, but more details will be released soon what it was specifically. I would recommend changing keys to be safe.

Ok mate thanks, Im gonna do that just In case. Is kinda weird I can't fin the button to "show" the private owner key.

You cannot get the private owner key via the UI

So how is the process in order to change it, I have to do it via steemd or something? Sorry to bother you I'm still not understanding a lot of Steemit.

If you change your password from Steemit.com, it will change all your keys.

This is not a SteemConnect issue, but a Utopian.io problem. Only a token was stolen, not a key. The problem at the moment is already solved.

what do you mean by saying only token?

A token to access the posting key in the utopian application has been stolen, not the posting key (users) itself. The posting key of each Utopian user is safe. The problem is already resolved and there is no reason to worry.

I got it already, thanks anyway :)

This is why I'm not using any app that requires my ACTIVE key.

SECURITY AWARENESS to all.
Please use POSTING to post and comment. Use ACTIVE when you need to WITNESS vote or transfer fund.

Keep steeming and keep you keys safe.

Please use POSTING to post and comment. Use ACTIVE when you need to vote or transfer fund.

Please use POSTING to post and comment. Use ACTIVE when you need to witness vote or transfer fund.

FTFY

Cheers mate.

Thanks, had not considered that.. changed for safety.

I changed my passwords.
thank you.

Damn, I hate unexpected surprises. We're kind of left with no choice but to trust steem apps. Sucks.

wow very nice and good information

thanks for your kind information

Thank you. Account updated.

This post has been resteemed from MSP3K courtesy of @followbtcnews from the Minnow Support Project ( @minnowsupport ).

Bots Information:

Join the P.A.L. Discord | Check out MSPSteem | Listen to MSP-Waves

Though i dont have any sbd's and steem available at my wallet so as you guys lol but if ths was a hack still all of us gonna need to change our active keys to be sure. We dont have much info yet since the problem is already addressed by @gregory who's the developer of busy and steemconnect lets just wait.