MicrostockGroup

I read on Nicolesy's facebook that Istockphoto is down:

RT @kkthompson: There is a phishing attack happening against iStockphoto. We've taken down the site as a precaution.

I hope it's not taking to long

Boy, if I were exclusive, I'd be seriously pissed right about now...

I feel for the IT guys there, probably a long night ahead of them. 

Dam*n hackers. Shoot them all those miserable f*cks! 

Very strange.
1. For a _real_ phishing attacks IS seems to be too small of a target. Big bad guys do not waste their time on something like this.
2. For _any_ type of phishing attack - how can taking site down help?

And to helix7 - phishing attacks compromise passwords only for those who got phished

I wouldn't call that obvious at all.  Moreover, I bet there are a lot of exclusives who hadn't given it much thought before an incident like this.  Just because something can be predicted doesn't mean it will be, at least not by everybody.

I'd guess it helps prevent hackers from using the stolen credentials and take the money.

Why? S**t happens and the attack could have happened anywhere, I'm just thankful and impressed istock dealt with it so quickly and efficiently.

Yes it might dent yesterday's sales but closing the site isolated the problem and stopped it becoming a major issue!

OMG I was constantly logged out of Istock yesterday, like someone was loggin in from another computer. 

Correction.  It was links sent to members in sitemail an forums, so it was just phising, and not whatever xss stuff you're talking about.

I got a warning notice from Lookstat to change my passwords last night, but nothing from IS now that you mention it. 

and what is XSS anyway?

In simple words:
Phishing - you are tricked to go to different site
XSS - somebody puts the code on IS that (may) share all your data

You can defend yourself from (1) by never using insecure login on IS (do not use one on top of the page, go to a separate login page, and always check "secure" icon in your browser), but the only defense from (2) is to disable javascript - and this in turn will make IS unusable.

Yes, because in simple terms, only people who logged in to the fake site are at risk, no one else!

This afternoon a phishing attack was conducted in the forums and through sitemail. This attack created a fake istockphoto.com login screen, prompted the user for a username & password, saved them to a malicious server, then redirected the user back to the iStockphoto main page.

Unless you logged in to forums or sitemail, during the afternoon, there's nothing to panic about.

I have a different password for each agency, which is a good idea if you want to make yourself fell better, should someone actually break into a database. I have a notebook with my passwords, so I don't forget them.  Could just be a sign of old age?