My MEW got hacked and my tokens were stolen. I am very careful when putting my address on each bounty campaign and never sign up online which require any private key. I don't really know how I get phish or how hacker accessed my MEW. I learned my lesson and will never use private key again. Do you have any idea how I get phish? I got one in mind that a fake mew site does exist?
Maybe you are less conscientious and have entered the phishing link, if you only pay attention to the private key and do not pay attention to the link you go to, then most likely you have entered into the trap. I've been long time using wallets that use private keys and I have no problems there.
Yes phising link was so rampant nowadays, and in order to avoid that you should make your pc security into strong barriers. You're the ones whose responsible for everything that happens with your coins stored in your wallet. Keeping the private keys offline is the better ways and avoid them be exposed to public and even with your google mails its not safe unless you have an authenticator log in. Make sure to log in in a safe zone on your mew, bookmark it in your browser is the simple ways to do it prior access.