It was a sad scenario for me yesterday, not just because someone accessed my account and made away with some HBD but because I am still surprised how the person accessed my account.
I logged in around 3:15 pm yesterday and I noticed that my $27 worth of HBD is no longer there. Not quite long, I noticed that there was a swap of 27.990 HBD for 21 HIVE as can be seen below.
At this point, I concluded that my Hive account has been compromised. So, I immediately rushed to Hive-engine to take care of my liquid assets. I had 66 POB and about 11 LEO. I have been in the practice of staking all my Hive engine tokens, so that was why there were only the POB and LEO Tokens left. Luckily for me, they have not been touched, so I staked them immediately, knowing fully well that any staked token takes days to be unstacked. Now, I was prompt to change my Keys. When I was done changing the keys. I returned to Hive-engine and I discovered that my staked VYB and Leo are being unstacked. I had to cancel them.
When I finished securing my account, I started reassessing my past Hive activities. I couldn't pinpoint any activity that could have led to a leak of my account keys. The last activity I carried out that I used my Hive key was on Hive.vote. The key was only my posting keys which have limited permissions.
Nevertheless, I had my Hive keys as a document on my phone and I feel that the hack may come from there or perhaps because my Hivesigner password was saved on my chrome browser, which allowed the hacker to access the password somehow. I didn't lose much but it wasn't a good experience for me.
I enjoin every one of us to be careful with his keys. If possible, always change your hive keys weekly and avoid saving your keys on browsers. It might be difficult to manually input the keys whenever you want to carry out any activity but it is safer. Also, let us be conscious of the kind of permission we give to apps.
I want to thank @mineopoly, @scholaris, and @khoola for reaching out to me and giving me some useful information.
I won't forget to mention that @feruz helped me with the password reset link. Thank you, guys!!!.