Hello guys, I'm quite new here but I went on Steemit a couple times to read crypto-based stuff. :)

I just came across this article (which I really recommend reading before this one), and it is very interesting: sometimes people paste their keys into the memo box during a transfer, and everyone can read them. I know this might be old news, and @JerryBanfield created a program to find those passwords, but it's way easier than that to pick up new ones, which is a terrible issue for the owners of those accounts.

First of all, a reminder

There are 4 kinds of keys on Steemit:

Active key

This key lets you transfer funds; it's one of the most important ones. You can also place trades on the internal market with this key, so NEVER POST IT ANYWHERE. Always keep it safe.

Posting key

This key lets you publish articles and upvote (or downvote) content and comments.

Note key

This key just lets you create and manage notes, not a big deal.

Priority key (or account password)

The main password that can do anything. NEVER REVEAL THIS PASSWORD.

Each of these has a public and a private key. There is no problem giving away the public ones, but the private ones are called private for a reason. Don't reveal them anywhere.

All of these keys can be found on https://steemit.com/@USERNAME/permissions

Okay, so what now?

Calm down, I'm coming to it!

These memos are written during money transfers. We definitely need to put a box there saying DO NOT WRITE YOUR KEYS HERE.

The thing is, most of the exchanges have an account on Steemit: @bittrex, @binance-hot, @poloniex (dead as of now though). And guess what? Plenty of keys can be found in their transaction lists, which get new activity at least every 10 minutes.

I didn't try to withdraw, I tried to upvote on some (for research purposes, eh, don't judge) and sometimes it works, sometimes not. I'm guessing people are sometimes posting the Note key, the Active key or another one. But still, @steemit, you NEED to act so these accounts aren't compromised. I know it's a BKAC mistake, but please, put some more messages so these people do not get robbed.
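One way a wallet could enforce the warning asked for above instead of only displaying it, as an added example that is not Steemit's code or part of the original post: check the memo for a private key before the transfer is signed. It assumes Steem private keys use the Bitcoin-style WIF encoding (version byte 0x80, double SHA-256 checksum) and that a generated account password is "P" followed by such a string; all function names are hypothetical.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Overlapping scan for 51-character base58 runs starting with '5'
# (assumed shape of an uncompressed WIF private key). The lookahead lets
# a key be found even when glued to other text, e.g. after a leading "P".
CANDIDATE = re.compile(r"(?=(5[%s]{50}))" % B58)


def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    # 51 base58 characters starting with '5' always fit in 37 bytes.
    return n.to_bytes(37, "big")


def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return out


def is_wif(token: str) -> bool:
    """True if token decodes to 0x80 || 32-byte secret || valid checksum."""
    raw = b58decode(token)
    return raw[0] == 0x80 and _checksum(raw[:33]) == raw[33:]


def memo_leaks_key(memo: str) -> bool:
    """Run before the transfer is signed; True means refuse to send."""
    return any(is_wif(m.group(1)) for m in CANDIDATE.finditer(memo))


def make_sample_wif(secret: bytes) -> str:
    """Encode a constructed 32-byte secret for the demo (never a real key)."""
    payload = b"\x80" + secret
    return b58encode(payload + _checksum(payload))


if __name__ == "__main__":
    sample = make_sample_wif(bytes(range(1, 33)))  # constructed secret
    for memo in ("invoice 4471", "deposit id " + sample, "P" + sample):
        print(memo_leaks_key(memo), "<-", memo[:14])
```

Because the checksum is verified, an ordinary deposit tag or a random base58 string does not trigger the block, so the check can refuse the transfer outright rather than just warn.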

Here are some examples of accounts I could gain access to

Sorry, website is in French...

It took me just a few minutes to figure this out. Always be careful, guys: I know those keys are different from passwords, but NEVER REVEAL ANYTHING ANYWHERE.

Hope that my first blog post interested you and have a really nice day. It looks like I'm gonna like this community!