You are viewing a single comment's thread from:

RE: We just hacked 11 accounts on Steemit! ~$21 749 in STEEM and SBD is under our control. But we are good guys 😇 So...

in #steemit • 7 years ago

Thank you for being ethical and responsible in this case.

BTW, I don't think that this is "flaw in design of steemit website"

There's already "This Memo is Public" note there.

This is rather a Problem Between Keyboard and Computer type of bug. You can't prevent users from hurting themselves. If one note didn't help for all, adding a second and third probably would reduce risks a bit, but there would still be those who would ignore it.

Anyway, good work.

Technically you are right, but still I believe that if so many users are making exactly the same mistake... something is wrong. Guys like @dollarvigilante (a guy who has the biggest number of followers on Steemit) exposed his private memo key, @virtualgrowth and my cousin - @lukmarcus accidentally exposed their own passwords - those guys are experts about Steem and Steemit when you compare them to the average Joe.

I believe that we can do things a little bit better, that's why I provided a pull request with a fix :)

I didn't... I haven't been hacked.

7 years ago (edited)

There are 4 pairs of keys: active, owner, posting and memo. Every pair has a public key and a private key. Under any circumstances, you should never expose any of your private keys.

As I wrote in a post, right now exposing a private memo key is not very dangerous. But it was said a few times that in the future memo keys will be used to encrypt and decrypt private messages. So basically every conversation of yours encrypted with your memo key would be basically public for everyone who possesses your private memo key.

Also... even right now everyone with your private memo key could try to do some kind of social-engineering attack, by pretending that the attacker is you (because technically speaking only you should be able to sign messages with your private key).

So.. no, your account was not hacked right now, but with the private memo key exposed, your account could be attacked in a moment when private memo keys would gain some new role in the Steem ecosystem.

I see, ok thanks!

Jeff, take a break from walking your dogs and setup your avatar. Por favor.

LOL.

ouch, you could've mentioned that in your live show yesterday !
It took a whole day to get account access.
Anyways cheers !

Thanks so much for explaining the ramifications. I'll make sure to be extra vigilant when I do transfers. This is something I can see myself accidentally doing, and I'd rather avoid the headache.

You did Steemit a massive favor Noisy! It won't be forgotten! :)

What great work! I too once almost pasted it in the wrong place in a moment of my ADHD inattention. Good thing I'm not on the list :-)

When you scroll through the names looking for yours....

same :D

lmfao! this so me right now.

haha I was definitely doing this

Haha!

Haha did the same even though I'm a new user with nothing much to lose unfortunately ^^

It may be an error 40, but it still should be easy for the steemit website to check if the memo contains an account key (or what likely is one) and give an error message for that.

Why keep an error source open just because YOU would never make that error (which of course says at least 50% of those who make it).

Sure, I'm not saying that we shouldn't try to reduce those chances. Appropriate modification is on its way.
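
The memo check suggested in the comments above (refuse a memo that contains what is likely an account key), sketched as an added example; it is not code from this thread, from the pull request mentioned, or from the steemit website. It assumes private keys appear in WIF form (Base58Check, version byte 0x80, 51 characters starting with `5`); the function names and the sample key are constructed for illustration.

```javascript
const crypto = require('crypto');

const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();
const checksum = (buf) => sha256(sha256(buf)).subarray(0, 4);

// Base58 -> bytes. Returns null if a character is outside the alphabet.
// Leading-zero handling is omitted: a WIF payload starts with 0x80, never 0x00.
function base58Decode(str) {
  let n = 0n;
  for (const ch of str) {
    const v = ALPHABET.indexOf(ch);
    if (v < 0) return null;
    n = n * 58n + BigInt(v);
  }
  const hex = n.toString(16);
  return Buffer.from(hex.length % 2 ? '0' + hex : hex, 'hex');
}

// bytes -> Base58 (same leading-zero caveat); used only to build the sample.
function base58Encode(buf) {
  let n = BigInt('0x' + buf.toString('hex'));
  let out = '';
  for (; n > 0n; n /= 58n) out = ALPHABET[Number(n % 58n)] + out;
  return out;
}

// WIF = Base58(0x80 || 32-byte key || first 4 bytes of SHA256(SHA256(0x80 || key)))
function toWif(key32) {
  const body = Buffer.concat([Buffer.from([0x80]), key32]);
  return base58Encode(Buffer.concat([body, checksum(body)]));
}

// True only if the string decodes to 37 bytes with the right version and checksum.
function isWif(s) {
  const raw = base58Decode(s);
  if (!raw || raw.length !== 37 || raw[0] !== 0x80) return false;
  return checksum(raw.subarray(0, 33)).equals(raw.subarray(33));
}

// Return the offsets (not the secrets) of every valid WIF key inside a memo.
function findPrivateKeys(memo) {
  const hits = [];
  for (let i = memo.indexOf('5'); i !== -1; i = memo.indexOf('5', i + 1)) {
    if (i + 51 <= memo.length && isWif(memo.slice(i, i + 51))) hits.push(i);
  }
  return hits;
}

// Constructed sample key (32 bytes of 0x11); not a real account key.
const SAMPLE_WIF = toWif(Buffer.alloc(32, 0x11));
```

Because the checksum is verified, an ordinary memo that merely contains digits or a mistyped key does not trigger the block; a form would call `findPrivateKeys` before signing the transfer and refuse to submit when it returns any offset.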