If you haven’t already read my cousin @noisy post about hacking Steemit accounts...
First of all - I’m not even a programmer.
We found out about human made errors in transfers’ memos. Some users used their passwords in public field so anyone could just “hack” their accounts without any hacking skills. Some of those users used their passwords by mistake and they found out those mistakes. But others... well... they didn’t. Until today their passwords were there in the open.
We found only 9 working passwords and we changed them. But look when they were published:
Reaction time | Passwords |
---|---|
< 1 week | 1 |
< 1 month | 1 |
< 6 months | 5 |
< 1 year | 2 |
But there are more to that.
We know from experience that passwords begin from P and have 52 or more random characters/numbers. When we searched the memo database we found out 28 of those passwords! Some of them were already changed but we can’t be 100% sure if they wasn’t changed by someone else. And I suppose there are a lot of not-generated passwords that were changed already. We will never found it out.
Here is the known list:
User | Password published | Password changed |
---|---|---|
@anggicitrayani | 2017-05-06 04:12:24 | 2017-05-09 04:07:00 |
@anwen-meditates | 2016-07-25 04:22:33 | 2017-06-07 13:10:51 |
@aubreyfox | 2017-01-21 14:52:09 | 2017-06-07 13:14:54 |
@blacktiger | 2017-05-10 14:55:48 | 2017-06-07 13:14:30 |
@christoryan | 2017-03-28 09:19:54 | 2017-04-09 02:08:18 |
@crazymumzysa | 2017-02-04 11:07:15 | 2017-02-04 11:09:51 |
@dunja | 2017-02-20 01:11:51 | 2017-06-07 13:10:00 |
@elewarne | 2016-10-29 13:07:09 | 2016-10-29 13:43:33 |
@hansolo | 2017-02-25 14:03:36 | 2017-02-25 14:24:27 |
@hpns0110 | 2017-06-05 14:33:24 | 2017-06-05 14:43:06 |
@jakethedog | 2017-03-21 22:16:03 | 2017-06-07 13:10:54 |
@loveofprofit | 2016-09-12 22:55:18 | 2017-05-31 17:55:27 |
@marszum | 2017-05-20 16:56:18 | 2017-05-21 22:48:03 |
@me-tarzan | 2017-02-12 19:05:12 | 2017-02-15 13:54:33 |
@miketr | 2016-07-30 13:28:09 | 2017-06-07 13:13:24 |
@quetzal | 2017-06-04 10:47:03 | 2017-06-07 13:14:36 |
@ricardoguthrie | 2017-04-25 23:36:18 | 2017-05-14 19:30:06 |
@riskdebonair | 2017-05-29 18:12:36 | 2017-05-29 18:15:03 |
@streetartgallery | 2016-11-01 19:40:48 | 2016-11-01 19:46:24 |
@t3ran13 | 2016-08-16 19:28:48 | 2016-08-17 05:38:24 |
@technology | 2016-08-15 15:42:18 | 2016-08-15 23:50:57 |
@tieuthuong | 2017-03-19 01:44:18 | 2017-06-07 13:14:42 |
@uiaslout | 2017-05-11 17:15:03 | 2017-05-15 04:57:06 |
@virtualgrowth | 2016-10-24 19:10:06 | 2016-10-26 04:49:06 |
@virtualgrowth | 2016-12-06 19:08:45 | 2017-06-07 13:00:33 |
@voiceover | 2017-03-25 17:03:00 | 2017-03-29 23:14:48 |
@xcigar | 2017-06-03 23:18:00 | 2017-06-03 23:21:33 |
@zer0hedge | 2017-06-03 02:24:48 | 2017-06-03 02:25:24 |
Let’s sort it by reaction time of password changed.
User | Reaction time | Our action |
---|---|---|
@zer0hedge | 36 s | no |
@riskdebonair | 2 min 27 s | no |
@crazymumzysa | 2 min 36 s | no |
@xcigar | 3 min 33 s | no |
@streetartgallery | 5 min 36 s | no |
@hpns0110 | 9 min 42 s | no |
@hansolo | 20 min 51 s | no |
@elewarne | 36 min 24 s | no |
@technology | 8 h 8 min 39 s | no |
@t3ran13 | 10 h 9 min 36 s | no |
@marszum | 1 d 5 h 51 min 45 s | no |
@virtualgrowth | 1 d 9 h 39 min 0 s | no |
@me-tarzan | 2 d 18 h 49 min 21 s | no |
@anggicitrayani | 2 d 23 h 54 min 36 s | no |
@quetzal | 3 d 2 h 27 min 33 s | YES! |
@uiaslout | 3 d 11 h 42 min 3 s | no |
@voiceover | 4 d 6 h 11 min 48 s | no |
@christoryan | 11 d 16 h 48 min 24 s | no |
@ricardoguthrie | 18 d 19 h 53 min 48 s | no |
@blacktiger | 27 d 22 h 18 min 42 s | YES! |
@jakethedog | 77 d 14 h 54 min 51 s | YES! |
@tieuthuong | 80 d 11 h 30 min 24 s | YES! |
@dunja | 107 d 11 h 58 min 9 s | YES! |
@aubreyfox | 136 d 22 h 22 min 45 s | YES! |
@virtualgrowth | 182 d 17 h 51 min 48 s | YES! |
@loveofprofit | 260 d 19 h 0 min 9 s | no |
@miketr | 311 d 23 h 45 min 15 s | YES! |
@anwen-meditates | 317 d 8 h 48 min 18 s | YES! |
When we compress it a little:
Reaction time | Passwords |
---|---|
< 5 minutes | 4 |
< 10 minutes | 2 |
< 1 hour | 2 |
< 1 day | 2 |
< 1 week | 7 |
< 1 month | 3 |
< 6 months | 5 |
< 1 year | 3 |
And finally when it will be changed into graph with days in bottom:
CONCLUSION!
Be careful! This data can be found by anyone and it’s still out there in the open! Think twice when posting a memo during transfer!
Interesting stats! I'm very happy that you guys used the opportunity to educate people about the dangers of posting the password in the memo field. If the wrong people had figured this out before you guys, a lot of money could have been stolen. Luckily, seeing as several of the people had this public for over 100 days without anyone changing it, I would guess that no one has figured this out before you guys.
It's hard to tell if those passwords were really changed by authors or some random people who by accident found those passwords in wallet page.
Really well done! Thank you so much
While this post may not make as much money as the original, I am super glad you did make it.
The stats and data of reaction time, and everything else you put in here was incredibly interesting for me to read.
Thank you for taking the time to produce this data and present it in such an easy-to-read, professional looking manner. WOW! Great work!
Thanks for help with whole thing :) I is good to have you on Stemit next to me :)
We're like good cop and... good cop :)
Thanks for sharing the info it worth more than a thousand dollars
Can you good cops help me put, need Steem Power that can get me $700 per post
Fastest reaction time, Do I win something ?
You win not loosing your account :)
Yes I had thank you so much guys well done
LOL, that's a lot of stats! How do you even handle that!!
@ lukmarcus Wo!!! Thank you for your work.
Worth of follow and 1c like. Definitely
you guys are amazing, thanks for keeping the community safe.. you guys motivate me man!
thanks for the info.
Wow thank you very much!
keep it up the good work you are doing to the community.
Great Job man!
Steem on!
Nice job with these stats. I curious, did you try to search for these "peoples" in other places like reddit, fb, gmail or something... Maybe they leave marks?
What do you mean by
leave marks
?someone can have similar nick/login/email and post information similar to these from steemit accounts.
You guys need to be appreciated. 👏
Great Work!!!
Awesome work, you will get my upvote @lukmarcus.
This is a warning for us. Let be aware with careless action.
Good job @lukmarcus! come check out some of my content.
so how do we stay safe /prevent our act from being a victim
Simply don't paste your password into any other field than password field.
Top info here. People need to be aware of the information they leave open to nasty folk!
Hmm I love this @noisy @lukmarcus
PLEASE HELP! https://steemit.com/hack/@jonipilo/alert-to-all-hacked-owners-of-steem-in-this-article
@jonipilo you didn't read the post and proceeded to make your own post scaring people. They already said they changed the passwords of the ones that has unchanged paswords to protect those accounts. As a result, I had to downvote your comment promoting your unnecessary blog post.
Thanks, i already got many owners sending me a big "thank you" for helping, so you can do whatever you want. I will keep on helping anyone hacked in here, not you definitely
Why wouldn't you link to the original post? Your intentions are not noble.
thanks, im not looking for your approval really