image source: my cat looking regal AF
I've been seeing that people are getting locked out of their accounts after clicking malicious links left in their replies. Apparently, the link takes you to a spoofed Steemit login screen and asked for your credentials - where it then allows the attacker to log on and do what they wish. Often spamming more malicious links via commenting, emptying your SBD wallet and powering down your SP, you'll be left wondering how to reset your PW and minimize the damage to your reputation and financial loss.
Remember, be wary about clicking through links from strangers, and for God's sake, don't enter your credentials if the address isn't legit. Look at the address bar and make sure it's https://www.steemit.com and not something fishy, such as www.steemit.ghyksbf.krill.nz, which is a indicator that someone has spoofed the login page and installed it on a hacked domain/server somewhere.
Be safe, never give out your master PW or any of your private keys.