WARNING: If you voted on steemengineteam post change your keys immediately

https://beta.steemconnect.com/auths

inertia (73) · 10 months ago

Note: changing your keys might not be enough if you have authorized apps to use your account. You must revoke the app in order to keep them from using your vote.

0.00 NEOXAG

17 votes

themarkymark (78) · 10 months ago

Thanks for bringing that up. Right now it is unsure if they have keys or using a posting authority.

It doesn’t appear they have their own authority and are either using someone else’s they has access to or more likely using actual posting keys farmed via an app or accidentally leaked.

0.00 NEOXAG

5 votes

smooms (61) · 10 months ago

They don't use steemconnect. I signed up to check and you have to enter your posting key onto the side. It's probably saved into their own DB. So everyone who is affected by these fuckers should change his/her keys asap.

0.00 NEOXAG

mahdiyari (68) · 10 months ago

Maybe not related to this case but it's always good to review what apps are authorized to your account.

0.00 NEOXAG

condeas (64) · 10 months ago (edited)

This app is not listed there.

Please excuse the editing.
In this app, the private key was saved directly on the website :-(

0.00 NEOXAG

torico (63) · 10 months ago

good idea just to review this in general. i have granted access to a ton of apps that arent even valid anymore. thats ending. tx

0.00 NEOXAG

isaria (75) · 10 months ago

Good point....just revoked a bunch

0.00 NEOXAG

https://hackmd.io/BHJJ32OVQQyxf9K8MTzcbQ

abh12345 (77) · 10 months ago

A list of accounts that have voted for @steemengineteam

Might be quicker to check than logging on to alt accounts. (Ctrl+F to search)

Thanks for the heads-up.

0.00 NEOXAG

13 votes

isaria (75) · 10 months ago

Thanks for putting that list together

0.00 NEOXAG

abh12345 (77) · 10 months ago

Glad it is of use :) I didn't fancy logging into 10 alts to see if they'd voted somewhere!

0.00 NEOXAG

kaerpediem (70) · 10 months ago

Phew!! Not on the list...
Thank you :)

0.00 NEOXAG

abh12345 (77) · 10 months ago

Bravo :D

0.00 NEOXAG

mytechtrail (60) · 10 months ago

I am on your list and have changed my password, but cannot find a vote for that post thru steemworld.org or https://steemd.com/ireland/@steemengineteam/ireland-its-time-to-hop-aboard-the-steemengine-2019-10-19

How did you get the names on your list?

0.00 NEOXAG

abh12345 (77) · 10 months ago

I used @steemsql and checked every vote to the account, not just the post above.

0.00 NEOXAG

mytechtrail (60) · 10 months ago

Thanks for the reply and for using your access to SteemSQL to run the query. Do you know of another way I could look for the posts my account voted for?

0.00 NEOXAG

abh12345 (77) · 10 months ago

There used to be a couple of places but they seem not to be running now.

0.00 NEOXAG

thekitchenfairy (72) · 10 months ago

same here @mytechtrail. Via Asher's link I am on the list of voters, but on steemworld and steemd, my name didnt show up

0.00 NEOXAG

abh12345 (77) · 10 months ago

mytechtrail https://steemit.com/@steemengineteam\philippines-its-time-to-hop-aboard-the-steemengine

mytechtrail https://steemit.com/@steemengineteam\croatia-its-time-to-hop-aboard-the-steemengine

thekitchenfairy https://steemit.com/@steemengineteam\steemengine-stats---2019-06-14

thekitchenfairy https://steemit.com/@steemengineteam\vienna-its-time-to-hop-aboard-the-steemengine-2019-10-20

Two each :)

0.00 NEOXAG

thekitchenfairy (72) · 10 months ago (edited)

For Vienna, i downvoted it manually earlier

And for the 3rd link you gave, it was manually too

What am talking about is the Ireland post where my name is listed as voter on your list, yet am not on steemworld and steemd for that Ireland post. So thats the odd one.

0.00 NEOXAG

abh12345 (77) · 10 months ago

Then you must be in the clear :)

The list was all votes on the account, with number of votes next to each account.

Apologies for the confusion.

0.00 NEOXAG

macchiata (71) · 10 months ago

Does this mean that those who are included have been infected?

0.00 NEOXAG

abh12345 (77) · 10 months ago

I would change your keys to be safe.

Don't forget to back them up.

0.00 NEOXAG

viking-ventures (70) · 10 months ago

Thanks. Unfortunately, I'm on the list.

0.00 NEOXAG

abh12345 (77) · 10 months ago

If you choose to change your keys, which i think is being advised, don't forget to make an offline copy.

0.00 NEOXAG

viking-ventures (70) · 10 months ago

Already done. It's on files on USB and printed out. :-)
Thanks so much for your help on this.

0.00 NEOXAG

always1success (69) · 10 months ago

Thanks!

0.00 NEOXAG

abh12345 (77) · 10 months ago

0.00 NEOXAG

joanstewart (66) · 10 months ago

Thanks for list @abh123454, helped to do quick check.

Big thanks to @themarkymark for head up on this.

0.00 NEOXAG

dedicatedguy (75) · 10 months ago (edited)

My name is on that list but I don't see any vote going out from my account to that post in, I just checked the last 3 days using steemworld. The only votes are the ones I just did manually (4% and then back to 0%). Why is my username on that list if no vote came out from my account? @abh12345?

Edit: I think I know why my account is on that list, because I voted them in the past. But I haven't vote in their posts in months perhaps even more than a year.

0.00 NEOXAG

abh12345 (77) · 10 months ago

Yes that is the reason and you have likely changed your keys and/or removed authority so should be good.

0.00 NEOXAG

gaich (59) · 10 months ago

Thank you! !BEER

0.00 NEOXAG

beerlover (63) · 10 months ago

^{View or trade BEER.}

Hey @abh12345, here is a little bit of BEER for you. Enjoy it!

0.00 NEOXAG

luvlylady (56) · 9 months ago

Freaky stuff I tell ya. That list is long.

Posted using Partiko Android

0.00 NEOXAG

rishi556 (63) · 10 months ago

Realized how little I use steemconnect now due to steemkeychain. Time to revoke most of the apps.

0.00 NEOXAG

crokkon (69) · 10 months ago (edited)

thesteemengine is around for quite a while and I think to remember that this is a vote-for-a-vote thingy where users sign up with their private posting key. I'm not sure if there is really a leak...

edit: from their FAQ

Why am I automatically voting for SteemEngine posts?
You have autocuration enabled. If you would like to turn it off then go to link and click disable. Keep in mind that autocuation is the best way to gain points (10% bonus) and autocuration only happens once every 24 hours.

0.00 NEOXAG

5 votes

themarkymark (78) · 10 months ago

I saw that but it is obviously storing keys as it used votes from people who have not logged in a long time.

0.00 NEOXAG

viking-ventures (70) · 10 months ago

I didn't sign up to autovote for them...

0.00 NEOXAG

crokkon (69) · 10 months ago

It seems the their autovote-"feature" is checked by default when you link an account there :/

0.00 NEOXAG

viking-ventures (70) · 10 months ago

I'm not linked to their Steem account - just their official steem-engine.com site. I'm not autovoting them (I double checked.) It would also appear - looking at the Steem account mentioned above - that these people are trying to do a serious phishing scam.

Not trying to be argumentative, just trying to help those who are trying to figure out the leak.

0.00 NEOXAG

crokkon (69) · 10 months ago

Just to be sure that there is no misunderstanding: This post is about https://steemengine.net and @steemengineteam and has nothing to do with https://steem-engine.com or the tribes.

0.00 NEOXAG

viking-ventures (70) · 10 months ago

I didn't think so.
But your previous comment was very confusing to me then. I haven't linked an account with them...

0.00 NEOXAG

shauner (56) · 10 months ago

I agree. It isn't a leak... it's their business model of defaulted autocuration vote trading.

Posted using Partiko Android

0.00 NEOXAG

raymondspeaks (70)City Patriot · 10 months ago

I'm going to share this post in the neoxian discord. Thanks for the heads up. Luckily my vote wasn't used.

0.00 NEOXAG

torico (63) · 10 months ago

who was that guy who screwed over CC? gotta wonder if he had a few alts...

0.00 NEOXAG

isaria (75) · 10 months ago

ali-h

0.00 NEOXAG

torico (63) · 10 months ago

yah that shtcnt as cope would say...

0.00 NEOXAG

emrebeyler (75) · 10 months ago (edited)

Seems like upvotes are mostly done with the users of this application, directly with the users' keys. Regarding the app accounts, here are the most common apps authorized amongst upvoters (2810)

[('busy.app', 1199), 
('steemauto', 727),
 ('dtube.app', 688), 
('steem.app', 615),
 ('dmania.app', 552), 
('dlive.app', 530), 
('bottracker.app', 441), 
('steemhunt.com', 358), 
('partiko-steemcon', 350), 
('utopian.app', 289)]

This information itself doesn't point anything exactly, though. I was curious, here is the data for others also.

0.00 NEOXAG

viking-ventures (70) · 10 months ago

okay - the only one of those I use is SteemAuto. I just checked that one too (changing keys, etc, with SteemConnect as well...) I didn't have any unauthorized autovotes.

0.00 NEOXAG

majowonline (54) · 10 months ago

Time to create a steem police force

andrepol (58) · 10 months ago

Why that?! We care for each other, do we? Anything more then this eventually gets worse, don't you think?

0.00 NEOXAG

yonnathang (66) · 10 months ago

All right!

0.00 NEOXAG

chunkysoupsvc (59) · 10 months ago

Thankfully I am not on this list, but whats the best way of changing your keys?

themarkymark (78) · 10 months ago

Change password from Steemit.com and it will change all your keys.

0.00 NEOXAG

chunkysoupsvc (59) · 10 months ago

Simple and good to know.

tsnaks (64) · 10 months ago

Luckily I am not affected by this, but thanks for letting people know.

I hope that no big harm comes out of this, and everyone gets to go on about their doings without having to worry much.

0.00 NEOXAG

cwow2 (66) · 10 months ago

Thanks Mark!

luegenbaron (64) · 10 months ago

For everyone not knowing how to revoke posting authority of an app or changing ur master key here :)

0.00 NEOXAG

always1success (69) · 10 months ago (edited)

Resteem. Thank you @themarkymark, this is important for everyone!

0.00 NEOXAG

clm (57) · 9 months ago

Thanks, I was wondering since a while!

0.00 NEOXAG

luvlylady (56) · 9 months ago

You know that saying that bad things happen to good people? I guess I'm terrible because my name is not on there. Good peeps like @slobberchops are on the list though, I hope he sees this thread and rectify that situation.

Posted using Partiko Android

0.00 NEOXAG

xmauron3 (58) · 10 months ago

Thanks

joalvarez (69) · 10 months ago

Thank you for ggd warning @themarkymark

0.00 NEOXAG

michelangelo3 (64) · 10 months ago

Short tip to find out if you are on the list, go to: https://steemd.com/ireland/@steemengineteam/ireland-its-time-to-hop-aboard-the-steemengine-2019-10-19

Then click on "vote details" - so you can use Ctrl-F to search for your Acc.

Many thanks for the information @themarkymark. Is it already known whether https://steemengine.net is the bad guy?

0.00 NEOXAG

mytechtrail (60) · 10 months ago

I have changed my password, but could not find a vote thru steemworld.org or https://steemd.com/ireland/@steemengineteam/ireland-its-time-to-hop-aboard-the-steemengine-2019-10-19

I removed auths from most steemconnect apps, but one SCOTAUTO does not trig in my memory.

Hope you are able to find that leak if that is what is going on.

0.00 NEOXAG

old-guy-photos (73) · 10 months ago

I find it interesting that they specifically only wanted posting, not active key.

Thanks for the info. That deserves a witness vote.

0.00 NEOXAG

isaria (75) · 10 months ago

Thanks for the heads up

0.00 NEOXAG

kaerpediem (70) · 10 months ago

Thank you for the heads-up
Not on the list but have shared it with the Mamas group

0.00 NEOXAG

x782 (43) · 10 months ago

Luckily, my vote is not listed, but I am experiencing a similar issue related to @shadowbot website.

Even though there is no authorization on steemconnect related to them and even though I have reset my keys several times, they still have access (posting) to my account. I already tried to contact them, but got no response and the setting on their website that supposedly would allow the removal of my account is broken. Other people seem to be experiencing the same issue.

Does anyone know how I can solve this problem?

0.00 NEOXAG

scorer (58) · 10 months ago

@themarkymark, thank you for heads up! Another reminder of why I voted for you as a witness. 👍

Looks like I have voted for that account since my vote was on that list. I revoked all the posting keys on third party apps. But it is not good for the ecosystem. I do not use steemconnect.com anyway - prefer the Steemkeychain extension myself.

Maybe there is a chance to put an extra field on blockchain, when the third party does something on behalf of a user. That would make it easier for all of us to find the bad actors who harm the system.

steem-auths

Here is an example of what I mean. I took a real transaction and changed the data to better illustrate the idea.

What do you think abut it?

0.00 NEOXAG

foxkoit (72) · 10 months ago

I hope my name is not in there 😶😕😕😕📃✏ can some one say it... there are more then 2000 names.

luvlylady (56) · 9 months ago

Yours is definately not there dude

0.00 NEOXAG

foxkoit (72) · 9 months ago

Thax :) ... now I feel more good :)

0.00 NEOXAG

luvlylady (56) · 9 months ago (edited)

Lol @foxkoit. The names are in alphabetical order so it shouldn't take you a minute to see if yours is on there or not. That said let me check it out for you.

0.00 NEOXAG

eii (68) · 10 months ago

!BEER
for @themarkymark

0.00 NEOXAG

beerlover (63) · 10 months ago

^{View or trade BEER.}

Hey @themarkymark, here is a little bit of BEER for you. Enjoy it!

0.00 NEOXAG

throwbackthurs (46) · 10 months ago

@superheroes is also in on this scam it appears

0.00 NEOXAG

shaidon (65) · 10 months ago

I was a victim of this. I have since changed my password and keys.
My guess is that is was some form of "Upvote Bank" or Steem Auto that got hacked because according to Steemworld.org for that account, most of the upvotes were $0.00 and 100% but some were like 77% or 10% or whatever people had set their amounts to.

0.00 NEOXAG

oldtimer (75) · 10 months ago

So 3000 users need to change keys?

0.00 NEOXAG

themarkymark (78) · 10 months ago

I think there was 2850 or so votes. They probably have a lot of their own accounts. Many are probably dead at this point. But I would say a lot are voting without permission.

0.00 NEOXAG

oldtimer (75) · 10 months ago

Thanks.

0.00 NEOXAG