ATTN: Posting Keys May be Compromised on Some Apps-UPDATE UPDATE

in #steem7 years ago (edited)

In the past couple hours we have noticed strange voting behaviors coming from lots of accounts and it seems some app has been compromised.

I have personally revoked all authorized apps on my account until we figure out which one it is.

You can go here to revoke authorization from apps
https://v2.steemconnect.com/apps/authorized

I am sure there will updates later today

UPDATE: Seems that Utopian.io was hacked. So please revoke all posting access to Utopian until fixed

Sort:  

Shout out to @emrebeyler for discovering this:)

Keep in mind if this hack is SteemConnect related, logging in now may put your account at risk as it requires an active key.

I highly recommend changing your active key at this point if you have been in SteemConnect at all just be safe.

I thought SteemConnect is kind of official and there is no chance of compromising our keys there, but man this made me worry :/

SteemConnect is a project of Busy.org and is not a Steemit Inc project. It is likely the most secure option available but it is still a third party with unknown source code.

The code is open source and is available in a repository by the official Steemit Inc. github account (although developed by the busy team as you said) https://github.com/steemit/steemconnect

Good looking out Marky - thanks !

Do you think that Steemconnect could be hacked? I thought it was kinda ultra safe. Do you recommend to change the keys to anyone who's on steemconnect?

Yes, it is very possible, but more details will be released soon what it was specifically. I would recommend changing keys to be safe.

Ok mate thanks, Im gonna do that just In case. Is kinda weird I can't fin the button to "show" the private owner key.

You cannot get the private owner key via the UI

So how is the process in order to change it, I have to do it via steemd or something? Sorry to bother you I'm still not understanding a lot of Steemit.

If you change your password from Steemit.com, it will change all your keys.

This is not a SteemConnect issue, but a Utopian.io problem. Only a token was stolen, not a key. The problem at the moment is already solved.

what do you mean by saying only token?

A token to access the posting key in the utopian application has been stolen, not the posting key (users) itself. The posting key of each Utopian user is safe. The problem is already resolved and there is no reason to worry.

I got it already, thanks anyway :)

This is why I'm not using any app that requires my ACTIVE key.

SECURITY AWARENESS to all.
Please use POSTING to post and comment. Use ACTIVE when you need to WITNESS vote or transfer fund.

Keep steeming and keep you keys safe.

Please use POSTING to post and comment. Use ACTIVE when you need to vote or transfer fund.

Please use POSTING to post and comment. Use ACTIVE when you need to witness vote or transfer fund.

FTFY

Cheers mate.

Thanks, had not considered that.. changed for safety.

thanks for your kind information

This post has been resteemed from MSP3K courtesy of @followbtcnews from the Minnow Support Project ( @minnowsupport ).

Bots Information:

Join the P.A.L. Discord | Check out MSPSteem | Listen to MSP-Waves

I resteem and upvote your excellent post

Damn, I hate unexpected surprises. We're kind of left with no choice but to trust steem apps. Sucks.

wow very nice and good information

Thank you. Account updated.

Though i dont have any sbd's and steem available at my wallet so as you guys lol but if ths was a hack still all of us gonna need to change our active keys to be sure. We dont have much info yet since the problem is already addressed by @gregory who's the developer of busy and steemconnect lets just wait.

Which button has to press "revoke tokens"?

I changed my passwords.
thank you.

what is stored in our wallet still safe? or we should also change our steemit password?

Thanks for the heads up dude!

So you used an app to revoke authorizations?

Hello @followbtcnews, thanks for your friendly update.
Happy steeming!

Thanks for the information provided, to be careful

Thanks for the heads up, removed access to some dormant apps I was not using to be safe. Hope Utopian gets fixed soon!

Whew, never used utopian thankfully! But if this can happen to utopian - it can happen to any other service. Stay vigilant, mangoes.

I'm glad that the issue has been resolved. Honestly, there was this fright in me when I read the post. Thanks, Jeff for the information. It has made me to revoke some apps, especially those that I don't use very often. Post has been reblogged.

@maryfavour.

Nic application and perfect.@followbtcnews