Awww I am very sorry to hear that. Often you may not even be aware you clicked on a link to an external site, the password phishing sites are you usually set up to look exactly like steemit.com and have the same URL minus one letter that is different but looks similar. Usually the way it works is that you clicked on a comment that had a link to another steemit post... only it wasn't actually a link to a post on steemit, but rather to a post on a nearly identical website that looked just like steemit. Then the fake site asks you to log in, and when you do they have your password. I have to ask - presumably someone else already has talked to you about this, but are you aware that you should never, ever use your active or master key to log in to the website? Make sure you are only using your posting key to log in to the website, reserving use of your active key ONLY for when you are making a transfer or doing something else in your wallet that requires active key permission, and even then only after confirming you are actually at steemit.com or whatever other front end you like. If you follow that simple step of only using your posting key to log in, you can never have your account hacked like this.

Very sorry and good luck :(