My MEW got hacked and my tokens were stolen. I am very careful when putting my address on each bounty campaign and never sign up online which require any private key. I don't really know how I get phish or how hacker accessed my MEW. I learned my lesson and will never use private key again. Do you have any idea how I get phish? I got one in mind that a fake mew site does exist?
That is why you should check yhe website carefully before importing yung private key or key store. You can actually check whether it is a fake site or not by checking the website certificate or by using metamask.