This step-by-step guide will show you how to recover your account and your reputation after getting hacked.
It Can Happen To Everyone
If you’ve been following my blog, you probably know I got hacked last week. If you haven’t read my post/warning yet, please head over to ‘The Most Important Thing I’ve Learned From Getting HACKED!!’.
Unfortunately, the phishing scam is still going on, and people are still falling victim to the hackers.
What’s Going On?
In case you haven’t heard the news yet: hackers are compromising accounts by sending out phishing messages with a fake link.
The phishing messages take many forms.
When you click the link inside, you’re taken to a fake website (for example steemil.com or steewitt.com) that resembles SteemIt.
You’re then asked to log into your account. Once you do, the hackers have access to your credentials.
Once the hackers can access your account, they use it to send out their phishing message to others, trying to get more people to click their fake link.
If you’ve exposed only your private posting key, that’s all they can do, and your money is safe. However, if you’ve exposed your private active key – or even worse: your master password – the hackers will withdraw your SBD and initiate the power down of your SP.
Once the phishing comments that were sent out from your account are detected, the people over at @steemcleaners will start flagging them. When a comment has been flagged, it is hidden from the public. This way, the risk of others clicking one of the phishing links is reduced to almost zero.
The downside of this is that your reputation score will go down to -1.
Don’t Go Around Blaming People
I’ve seen several posts in which people are pointing their finger at the owner of the account that was used to post the phishing message.
Please don’t do this. The account has been hacked, just like yours. It’s the hackers that are sending out the phishing messages. The only thing you can blame the owner for is being stupid enough to get his account hacked. By blaming the owner, you’re increasing the damage that has already been done.
What To Do When Your Account Has Been Hacked
I’ve noticed quite a few people have abandoned their hacked account and created a new one, or still have their reputation score at -1.
As you can see, I recovered my account and got my reputation score back up, so it is possible to get out of this with only a little damage.
Below, you can find the steps to take to get everything back to normal.
1. Start the account recovery process.
How to do this depends on how you’ve created your SteemIt account.
- If you’ve created your account through the SteemIt website itself, you need to initiate the account recovery process by clicking the ‘Stolen Accounts Recovery’ link in the menu you can open by clicking the menu item at the top right of your screen.
You’ll have to enter your account name and your password before you can click the ‘Begin Recovery’ button. Then, you’ll have to enter the email address associated with your SteemIt account. Once you’ve done that, you’ll have to be patient, because it can take up to 24 hours for the confirmation email to arrive.
Once you’ve received it, simply follow the instructions given.
- If you’ve created your account through Blocktrades, you’ll need to send an email to the Blocktrades support service. Someone from @blocktrades will then contact you. You’ll be asked to confirm your Blocktrades email address and you’ll need to send your password. They will then start the recovery process.
- In case your account has been created through AnonSteem, you’ll have to follow the guidelines for their ‘Stolen Account Recovery’ process, which have been outlined here.
2. Editing the comments
Once you are back in control of your account, you need to make sure the flags will be removed. @steemcleaners will do this for you, provided you edit every single phishing comment that has been posted from your account so that it becomes harmless.
This will take some work and time, but if it can help you to get your reputation score back up, it’s definitely worth it.
DO NOT DELETE THE PHISHING COMMENTS!!
To get started, go to https://steemworld.org/@yourusername.
(Change ‘yourusername’ to your actual username)
Scroll down to ‘account operations’ and find the spam comments that have been posted from your account.
Then, click the permalink.
There is now a script available that allows you to mass-edit comments. CLICK HERE to read the update.
From here, you should be able to edit the comment. Replace the existing text with ‘comment deleted’.
You should do this for EVERY SINGLE PHISHING COMMENT.
(I told you it would take some work…)
3. Get the flags removed
Once you’ve edited all comments, visit the Steemcleaners Discord channel and tell them you’ve edited all the comments.
Be patient, it can take a while before someone is available to help you out.
Someone from @steemcleaners will then remove the flags so you can get back your reputation score.
If you’ve received flags from others, contact these people, explain the situation, tell them the comment has been edited to make it harmless and ask them to take away the flag.
That should do it.
When your account and reputation score are back up, you can decide whether or not to send a short comment with your apologies to everyone who received one of the phishing comments.
This may sound like another truckload of work, but by doing this you can clear your name entirely. I do recommend it, but it’s totally up to you.
How To Prevent This From Happening Again
It’s a shame it took such a drastic event for me to learn a couple of important things concerning account security.
First of all:
Never use your master password for daily logins.
As I’ve stated in my other post:
Always triple-check the URL to see that you’re actually on SteemIt before you enter your credentials.
Better be safe than sorry!
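An added example (not part of the original post): a small Python check that applies the ‘triple-check the URL’ advice mechanically, flagging look-alike hosts such as the steemil.com and steewitt.com domains mentioned earlier. The allowlist, the distance threshold and the function names are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption: the one host where Steemit credentials should ever be typed.
TRUSTED_HOSTS = {"steemit.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_login_url(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'not-https', 'lookalike', 'unknown' or 'invalid'."""
    try:
        parts = urlsplit(url)
        # .hostname drops any "user@" prefix, so "steemit.com@evil" cannot fool it.
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if host.startswith("www."):
        host = host[4:]
    if host in TRUSTED_HOSTS:
        return "trusted" if parts.scheme == "https" else "not-https"
    # Naive registered domain: last two labels (good enough for .com names).
    domain = ".".join(host.split(".")[-2:])
    for trusted in TRUSTED_HOSTS:
        # Trusted name used as a prefix label of someone else's domain.
        if host.startswith(trusted + "."):
            return "lookalike"
        # A few typos away from the trusted name, but not the name itself.
        if 0 < edit_distance(domain, trusted) <= max_distance:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, including the two fake domains named in this post.
    for sample in ("https://steemit.com/login.html", "https://steemil.com/login",
                   "https://steewitt.com/", "https://steemit.com@steemil.com/"):
        print(f"{classify_login_url(sample):10} {sample}")
```

Only a result of ‘trusted’ means the page is the real site served over HTTPS; anything else is a reason not to enter a key or password.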
Below, you’ll find the links to some other posts about this situation.
Please take the necessary precautions so your account will be secure.
If you know someone who has been hacked, feel free to refer to this guide.