WARNING: If you voted on steemengineteam post change your keys immediately

avatar
(Edited)

This has nothing to do with @aggroed’s Steem Engine but there is an account called “steemengineteam” that has posting keys or access to other dapps posting authority for thousands of users.

If you see your vote listed on this post and you did not do it change your keys immediately until we figure out where the leak is.

https://steemit.com/ireland/@steemengineteam/ireland-its-time-to-hop-aboard-the-steemengine-2019-10-19

Will post updates as figure them out.

Take this time to review your authorizations and remove what is no longer needed.



0
0
0.000
101 comments
avatar

Note: changing your keys might not be enough if you have authorized apps to use your account. You must revoke the app in order to keep them from using your vote.

https://beta.steemconnect.com/auths

0
0
0.000
avatar

Thanks for bringing that up. Right now it is unsure if they have keys or using a posting authority.

It doesn’t appear they have their own authority and are either using someone else’s they has access to or more likely using actual posting keys farmed via an app or accidentally leaked.

0
0
0.000
avatar

They don't use steemconnect. I signed up to check and you have to enter your posting key onto the side. It's probably saved into their own DB. So everyone who is affected by these fuckers should change his/her keys asap.

0
0
0.000
avatar

Maybe not related to this case but it's always good to review what apps are authorized to your account.

0
0
0.000
avatar
(Edited)

This app is not listed there.


Please excuse the editing.
In this app, the private key was saved directly on the website :-(

0
0
0.000
avatar

good idea just to review this in general. i have granted access to a ton of apps that arent even valid anymore. thats ending. tx

0
0
0.000
avatar

Good point....just revoked a bunch

0
0
0.000
avatar

Time to create a steem police force

0
0
0.000
avatar

Why that?! We care for each other, do we? Anything more then this eventually gets worse, don't you think?

0
0
0.000
avatar

who was that guy who screwed over CC? gotta wonder if he had a few alts...

0
0
0.000
avatar

I'm going to share this post in the neoxian discord. Thanks for the heads up. Luckily my vote wasn't used.

0
0
0.000
avatar

A list of accounts that have voted for @steemengineteam

https://hackmd.io/BHJJ32OVQQyxf9K8MTzcbQ

Might be quicker to check than logging on to alt accounts. (Ctrl+F to search)

Thanks for the heads-up.

0
0
0.000
avatar

Thanks. Unfortunately, I'm on the list.

0
0
0.000
avatar

If you choose to change your keys, which i think is being advised, don't forget to make an offline copy.

0
0
0.000
avatar

Already done. It's on files on USB and printed out. :-)
Thanks so much for your help on this.

0
0
0.000
avatar

I am on your list and have changed my password, but cannot find a vote for that post thru steemworld.org or https://steemd.com/ireland/@steemengineteam/ireland-its-time-to-hop-aboard-the-steemengine-2019-10-19

How did you get the names on your list?

0
0
0.000
avatar

I used @steemsql and checked every vote to the account, not just the post above.

0
0
0.000
avatar

Thanks for the reply and for using your access to SteemSQL to run the query. Do you know of another way I could look for the posts my account voted for?

0
0
0.000
avatar

There used to be a couple of places but they seem not to be running now.

0
0
0.000
avatar

same here @mytechtrail. Via Asher's link I am on the list of voters, but on steemworld and steemd, my name didnt show up

0
0
0.000
avatar
avatar
(Edited)

For Vienna, i downvoted it manually earlier

And for the 3rd link you gave, it was manually too

What am talking about is the Ireland post where my name is listed as voter on your list, yet am not on steemworld and steemd for that Ireland post. So thats the odd one.

0
0
0.000
avatar

Then you must be in the clear :)

The list was all votes on the account, with number of votes next to each account.

Apologies for the confusion.

0
0
0.000
avatar

Does this mean that those who are included have been infected?

0
0
0.000
avatar

I would change your keys to be safe.

Don't forget to back them up.

0
0
0.000
avatar

Thanks for putting that list together

0
0
0.000
avatar

Glad it is of use :) I didn't fancy logging into 10 alts to see if they'd voted somewhere!

0
0
0.000
avatar
(Edited)

My name is on that list but I don't see any vote going out from my account to that post in, I just checked the last 3 days using steemworld. The only votes are the ones I just did manually (4% and then back to 0%). Why is my username on that list if no vote came out from my account? @abh12345?

Edit: I think I know why my account is on that list, because I voted them in the past. But I haven't vote in their posts in months perhaps even more than a year.

0
0
0.000
avatar

Yes that is the reason and you have likely changed your keys and/or removed authority so should be good.

0
0
0.000
avatar

Luckily I am not affected by this, but thanks for letting people know.

I hope that no big harm comes out of this, and everyone gets to go on about their doings without having to worry much.

0
0
0.000
avatar
(Edited)

.

0
0
0.000
avatar

I didn't sign up to autovote for them...

0
0
0.000
avatar
(Edited)

.

0
0
0.000
avatar

I'm not linked to their Steem account - just their official steem-engine.com site. I'm not autovoting them (I double checked.) It would also appear - looking at the Steem account mentioned above - that these people are trying to do a serious phishing scam.

Not trying to be argumentative, just trying to help those who are trying to figure out the leak.

0
0
0.000
avatar
(Edited)

.

0
0
0.000
avatar

I didn't think so.
But your previous comment was very confusing to me then. I haven't linked an account with them...

0
0
0.000
avatar

I agree. It isn't a leak... it's their business model of defaulted autocuration vote trading.

Posted using Partiko Android

0
0
0.000
avatar

For everyone not knowing how to revoke posting authority of an app or changing ur master key here :)

0
0
0.000
avatar
(Edited)

Seems like upvotes are mostly done with the users of this application, directly with the users' keys. Regarding the app accounts, here are the most common apps authorized amongst upvoters (2810)

[('busy.app', 1199), 
('steemauto', 727),
 ('dtube.app', 688), 
('steem.app', 615),
 ('dmania.app', 552), 
('dlive.app', 530), 
('bottracker.app', 441), 
('steemhunt.com', 358), 
('partiko-steemcon', 350), 
('utopian.app', 289)]

This information itself doesn't point anything exactly, though. I was curious, here is the data for others also.

0
0
0.000
avatar

okay - the only one of those I use is SteemAuto. I just checked that one too (changing keys, etc, with SteemConnect as well...) I didn't have any unauthorized autovotes.

0
0
0.000
avatar

And someone claimed that Steem is going to be boring.

Pfft.

All kinds of crazy stuff is popping up. Thanks for the warning, glad I'm not on the list.

0
0
0.000
avatar

Realized how little I use steemconnect now due to steemkeychain. Time to revoke most of the apps.

0
0
0.000
avatar

I find it interesting that they specifically only wanted posting, not active key.

Thanks for the info. That deserves a witness vote.

0
0
0.000
avatar

Thank you for the heads-up
Not on the list but have shared it with the Mamas group

0
0
0.000
avatar

Luckily, my vote is not listed, but I am experiencing a similar issue related to @shadowbot website.

Even though there is no authorization on steemconnect related to them and even though I have reset my keys several times, they still have access (posting) to my account. I already tried to contact them, but got no response and the setting on their website that supposedly would allow the removal of my account is broken. Other people seem to be experiencing the same issue.

Does anyone know how I can solve this problem?

0
0
0.000
avatar

@themarkymark, thank you for heads up! Another reminder of why I voted for you as a witness. 👍

Looks like I have voted for that account since my vote was on that list. I revoked all the posting keys on third party apps. But it is not good for the ecosystem. I do not use steemconnect.com anyway - prefer the Steemkeychain extension myself.

Maybe there is a chance to put an extra field on blockchain, when the third party does something on behalf of a user. That would make it easier for all of us to find the bad actors who harm the system.

steem-auths

Here is an example of what I mean. I took a real transaction and changed the data to better illustrate the idea.

What do you think abut it?

0
0
0.000
avatar

On steem?

Self proclaimed community watchdogs are actually hacking and stalking people.

This group https://steemit.com/@steemspeak is ran by https://steemit.com/@fyrstikken, They are hacking people that enter this discord server https://discordapp.com/invite/sqxV63P . Once you are hacked they profile you long enough to know all of your activities. They introduce workplace gangstalking visits and bring it to your attention cleverly and discretly so only you get it. They are very covert and tricky with everthing they say and do in this server. Some claim to have worked for or are working with the FBI and the NSA. Mixed with decomisioned traders and coding criminals, Its a scary mix of creepy people and thier intent is to drive you crazy and deplete everything you have ever aquired in life, even your freedom.

My hacking started with them introducing ransomeware that has options, dump my coin or delete my system drive. They acnowledged this to me in the server as it happened.

This hacking and stalking is done so they can manipulate the target to pump and dump for them. Threating and Making victims wear head phones, so nobody in your household can hear thier dramitization towards you. In 2017 this server was sidemarked as a drama show for entertainment purposes only as en excuse to say whatever they want all the way down to killing a politician. They have a server side command called "hey asshole" making a promt come up instructing everyone to wear headphones. They want everyone wearing headphones so nobody in your vicinity can hear them mess with you. Fystikken says its because of "mic feedback" but once your a target you get exactly why they make eveyone wear headphones.

With headphones on they subliminally direct victims with very low suggestive whispers mixed into their radio shows music. Combine this with them being able to manipulate their own individual outputs sound volume, which they control on the server side, they can pick what individual people hear and what at any given time. They decide who you hear on the server and change the volume controls for them. They can make some really low or off for those trying to investigate. They control who hears what and know who is who.

This team will find absolutely everything they can about you prior to using thier sugjestive and threatning program. They Introduce pictures that mean something only to the target, inducing paranoia while they watch and listen thru all of your circumvented devices. They are very aware of what makes you tick. They know your work schedule and use it for work stalking along side of this. I received multiple threating letters to my work and home addressed to my screen name from this group.

Fyrstikken tells people to sell their houses to buy crypto then dumps it on them. He has done many pump and dump scams. Quatloo being one of the first I witnessed and was done multiple times thru 2016 and 2017 them. It should be investigated for fraud. https://bitcointalk.org/index.php?topic=655793.0

0
0
0.000
avatar
(Edited)

Dude I saw this exact same thread on reddit. To be honest I'm not sure what to make of it. On the one hand @fyrstikken is a whale on here but that guy who wrote the thread, claims he is broke. I mean give me a broke guy with at least a hundred thou in his wallet and I'll show you the street where the devil spends his weekends at lol. On the other hand, because this same thread has been copied and pasted like a thousand times, it feels more like a smear campaign than a genuine complaint against an individual. If it is a smear campaign then you my friend have enabled it in some part by copying and pasting it on here.

0
0
0.000
avatar

I hope my name is not in there 😶😕😕😕📃✏ can some one say it... there are more then 2000 names.

0
0
0.000
avatar
(Edited)

Lol @foxkoit. The names are in alphabetical order so it shouldn't take you a minute to see if yours is on there or not. That said let me check it out for you.

0
0
0.000
avatar

Yours is definately not there dude

0
0
0.000
avatar

Thax :) ... now I feel more good :)

0
0
0.000
avatar

I was a victim of this. I have since changed my password and keys.
My guess is that is was some form of "Upvote Bank" or Steem Auto that got hacked because according to Steemworld.org for that account, most of the upvotes were $0.00 and 100% but some were like 77% or 10% or whatever people had set their amounts to.

0
0
0.000
avatar

You know that saying that bad things happen to good people? I guess I'm terrible because my name is not on there. Good peeps like @slobberchops are on the list though, I hope he sees this thread and rectify that situation.

Posted using Partiko Android

0
0
0.000
avatar

Thanks, I was wondering since a while!

0
0
0.000
avatar

I am a victem of this. Just finding out today. Awful.

0
0
0.000
avatar

Now this.....kill me
C6105F76-9702-4D62-89EE-355AF7868EDD.jpeg

0
0
0.000
avatar

I hope someone can help @jazzresin out. They are trying to stop their account being abused on both blockchains. Is changing keys enough or do authorities need to be revoked too? I think @hivewatchers should stop the flagging as they have made their point.

@themarkymark, is there a way to revoke Steem authorities from the web without Keychain? He's using an iPad. I'm just trying to help sort this out, but it's gone beyond my knowledge.

There are hundreds of accounts affected by this issue, but most have been abandoned.

0
0
0.000
avatar

@jazzresin

You would need to come to our Discord to talk about it, please:
https://discord.gg/yuC7GJpw

0
0
0.000
avatar
(Edited)

Has anyone done a post on how to effectively disconnect the spammers from an account? There is obviously a need for that information. When people are trying to do good it's better to inform than punish.

We need more effort to actually remove rewards from the actual spammers. Some of the big trolls are actually voting them up. Doesn't look like they are using their 'botnet' for now, but then that probably didn't give them much anyway.

0
0
0.000
avatar

Sorry. Have been moving belongings into storage and am just now seeing this. I will look it up on discord. The link doesnt seem to work.

0
0
0.000
avatar

So yeah this is a bloody headache

C8428C3E-8EFD-4279-AB3B-24BDC0A50E58.jpeg

FB2489A6-A843-4064-B891-8A9B0AF8E7D9.jpeg

0
0
0.000
avatar

Should only need account recovery if you don't have master key. Changing keys is done on hive.blog or peakd. May be possible to do with a Python script. Sorry, but that is the limit of my knowledge.

0
0
0.000
avatar

Why would they instruct me to use a third party site tool to recover? I looked up the ips and its some github written in. 2017?!?
source: RIPE

organisation: ORG-GI58-RIPE
org-name: GitHub, Inc.
country: US
org-type: LIR
address: 88 Colin P. Kelly Jr. Street
address: 94107
address: San Francisco
address: UNITED STATES
admin-c: GA9828-RIPE
tech-c: NO1444-RIPE
abuse-c: AR39914-RIPE
mnt-ref: us-github-1-mnt
mnt-by: RIPE-NCC-HM-MNT
mnt-by: us-github-1-mnt
created: 2017-04-11T08:28:46Z
last-modified: 2020-12-16T13:16:10Z
source: RIPE # Filtered
phone: +1 415 735 4488

role: GitHub Admin
address: 88 Colin P. Kelly Jr. Street
address: 94107
address: San Francisco
address: UNITED STATES
nic-hdl: GA9828-RIPE
mnt-by: us-github-1-mnt
created: 2017-04-18T22:16:30Z
last-modified: 2017-04-18T22:18:03Z
source: RIPE # Filtered
abuse-mailbox: [email protected]
org: ORG-GI58-RIPE

role: GitHub Network Operations
address: 88 Colin P. Kelly Jr. Street
address: 94107
address: San Francisco
address: California
address: UNITED STATES
nic-hdl: NO1444-RIPE
mnt-by: us-github-1-mnt
created: 2017-04-18T20:05:01Z
last-modified: 2017-04-18T22:19:53Z
source: RIPE # Filtered
org: ORG-GI58-RIPE
admin-c: GA9828-RIPE
abuse-mailbox: [email protected]

% Information related to '185.199.110.0/24AS36459'

route: 185.199.110.0/24
origin: AS36459
descr: GitHub - 185.199.110.0/24
org: ORG-GI58-RIPE
mnt-by: us-github-1-mnt
created: 2017-04-18T21:03:03Z
last-modified: 2017-04-18T21:03:03Z
source: RIPE

organisation: ORG-GI58-RIPE
org-name: GitHub, Inc.
country: US
org-type: LIR
address: 88 Colin P. Kelly Jr. Street
address: 94107
address: San Francisco
address: UNITED STATES
admin-c: GA9828-RIPE
tech-c: NO1444-RIPE
abuse-c: AR39914-RIPE
mnt-ref: us-github-1-mnt
mnt-by: RIPE-NCC-HM-MNT
mnt-by: us-github-1-mnt
created: 2017-04-11T08:28:46Z
last-modified: 2020-12-16T13:16:10Z
source: RIPE # Filtered
phone: +1 415 735 4488

% This query was served by the RIPE Database Query Service version 1.99 (ANGUS)

0
0
0.000
avatar

I don't think you need it. I haven't used such a service. I think you should find someone on Discord to help guide you though this as I don't know enough.

0
0
0.000
avatar

Maaaan. I dont know who to trust in this world.

Doesnt matter.
Matter is mostly empty space.

0
0
0.000
avatar

I dont think i should trust discord hivewatcher at all.

0
0
0.000
avatar

Your choice. Should you trust me?

HW have good intentions, but their people skills can be lacking. They are volunteers working under pressure. They get a lot of attacks from people. There are other channels such as the main Hive one that may be more helpful.

0
0
0.000