RE: News of fake Steem Engine + compromised accounts. Be careful people! + Question about Changing Recovery Accounts

Definitely worth mentioning. So, in the meantime, the old recovery account remains active, right?

I understand the reason for this 30 days window, so a hacker won't be able to quickly change the recovery account too. Then a compromised account would be completely at the mercy of the hacker.