wow! so basically you hacked 500 accounts and gave the keys back to steemit!?
well good job!

Yup, this is exactly what I have been shouting about for weeks now and expected would eventually happen. I am happy that you are a white hat and didn't take control of the accounts for yourself to profit from.

I believe it is better to push away new users with less user friendly registration (that forces them to use a randomly generated key that they must store securely and use password managers to manage) than to bring them aboard easily only to completely piss them off when their account or funds are stolen [1]. It is our job to make it as user-friendly as possible and to provide great resources educating users how to generate and manage random high-entropy passwords. But I don't agree with compromising their security because it is "too hard" and we don't want to lose them as new users.

[1] Although the new recovery feature allows them to get their account back. Most funds are usually locked in the time-locked Steem Power, so hopefully not too much financial damage would be done by the time they recover their account. And there are plans for a user opt-in and configurable time-locked savings account to even protect their more liquid STEEM and Steem Dollar funds from being stolen by hackers assuming they recover their account in a few days.

Its a cool concept, but I'm sorry, I call BS. 

I have looked at the code that handles hashing, salting and encrypting passwords before they are placed into the block chain and I can say with 99.5% certainty that you did not accomplish the hack you claim to have.

In theory it is possible, but the computational complexity of uncovering even 1 of the passwords from the blockchain would be more difficult that mining the largest amount held by any user on the block chain.

Sorry to hurt your feelings and call you out, but if you are to fool this community you are going to need to prove that you a. have the knowledge required to mount such a large scale offline attack, and b. you would have mentioned the actual difficulty of doing so.

Thanks, I guess?

Hm. I vote that you continue to do this and make posts about how you did it, and what recommendations you made. 

I promise I will upvote you every time I see it :P 

You're the first white hat I've seeing doing these sorts of white hat things in crypto since I got in the game a year ago!

i changed it now

Up vote for space balls photo

Very interesting, so is this just a problem with user-generated passwords?

Thanks
*CG*

The SpaceBalls is the my favorite movie :)

This is why I proposed 2FA. I understand 2FA is hard to implement on the blockchain but as the saying goes "when there is a will there is a way". I feel very unsafe on this platform without 2FA. Please read this https://steemit.com/steemit/@domavila/two-factor-authentication-and-why-we-need-it-now

Amazing work and really making a difference in how we all move forward in the world.