Hello, I am following the forum for a while greetings to everyone!

A post with a similar subject "Istock is hacked" appeared on the istock forums few days ago. This thread is not live anymore, it was quickly deleted, despite several people answered to it. Someone was saying he registered on istockresseller to see if they have our non-watermarked files on their servers.

I decided to check out that as well, so here is my experience:
_I registered with istockresseller and received a $2 bonus within 1 hour of registration.
_with that $2 bonus I was able to purchase and download from their site an xsmall non-watermarked image of one of my files which I uploaded to istock only few days ago.
_the purchase instantly appeared on my istock account as an xxl file download and the royalty received was $11.

I double checked the sale with istock's customer support and they said the download and the received royalty is correct.

How is that istockresseller got hold of non-watermarked images? Shouldn't we get protection for our images on istock? Does Istock really do not know that their website is hacked? I am wondering what is happening here?

Any ideas on what to do? I feel robbed.

Thanks.

I've noticed my recent uploads flying onto that site. It has been reported several times on the iStock forum, usually deleted soon afterwards. Apparently they're working on it. Don't know why it's taking so long. You'd think they'd get Getty's big money lawyers onto it.

But you paid $2 and it showed up as a XXL sale netting your $11? If that wasn't an incredible timing coincidence, you're quids in. That can hardly be the sales model. The trouble with CR is so often getting the cookie cutter 'that is the correct amount', which I got one time to a totally different question.

Thanks for the link, I didn't know about this blog.
It is worrying that the scam site has access to non-watermarked images. Which in my opinion means that this scam is more than just cross linking.

Several contributors have used the $2 that gets added to most new accounts to download their own images - so no credit card changed hands. The site had PayPal before iStock got their account closed - the site you buy from gets no info about how payment was made. After that the contributors who tried to sign up got an "under construction" page for payments. I think I read something about another payment processor showing up - PayPal-like, but not.

I'm not signing up to do experiments, but there should be no credit card detail issues. And you can always get those throwaway numbers for sites you're not sure of.

Unfortunately the paypal function is up and running again on the scam site. I also don't feel experimenting with this any further, but someone from istock should definitely see why paypal has unblocked their account.

If thats true, you can buy all your images for 2$ a pop and make a 9$ profit. Wow....

Yeah why would you feel robbed receiving 500% more royalties then you should?

I don't see it.  Still says "Under construction".

Actually even better, they say: Under Contruction , they must have typed it fast in their urge not to get sued

Quote from: Poncke on November 29, 2012, 13:18

If thats true, you can buy all your images for 2$ a pop and make a 9$ profit. Wow....

Yeah why would you feel robbed receiving 500% more royalties then you should?

Doesn't matter how much the amount is, istock will send an email for a refund soon. The point/problem here is how is possible that a scam site got hold and sells our images from istock and with no watermarks.

Doesn't matter how much the amount is, istock will send an email for a refund soon. The point/problem here is how is possible that a scam site got hold and sells our images from istock and with no watermarks.

Great, so some of the few pitiful sales I've gotten lately at Istock aren't even real, and they will take that money back?  Great.  Happy Holidays again from your friends at Istock. 

That reminds me.
Why dont I get some software that can access the national bank, and have them issue banknotes to me.

I mean. This is fraud on the highest level, and can iStock not prevent it from happening, they should better close the shop.
As it is now they are spreading our images all over the world and undermining both us and the whole business.

And they dare refund us!

Re that site, from the contributer newsletter:
"Our legal team continues to investigate this matter and we will keep you updated. That being said, please consider this a reminder to guard your iStockphoto credentials carefully. Do not use your iStock log in details at any other sites, and consider changing your passwords from time to time.

And while we�re on the topic of fraud, let�s talk about refunds. There is a lot of discussion in the forums about refunds at iStockphoto being �higher than normal� due to credit card fraud. This is simply not the case. We have a very robust set of fraud detection systems in place, and, in fact, our credit card fraud rates are below the standards set by the credit card companies."

Quote from: ShadySue on November 29, 2012, 18:11

Re that site, from the contributer newsletter:
"Our legal team continues to investigate this matter and we will keep you updated. That being said, please consider this a reminder to guard your iStockphoto credentials carefully. Do not use your iStock log in details at any other sites, and consider changing your passwords from time to time.

And while we�re on the topic of fraud, let�s talk about refunds. There is a lot of discussion in the forums about refunds at iStockphoto being �higher than normal� due to credit card fraud. This is simply not the case. We have a very robust set of fraud detection systems in place, and, in fact, our credit card fraud rates are below the standards set by the credit card companies."

Thats an utter fallacy.

If the CC companies have a 1% standard and istock figures went up from say 0.3 to 0.9 percent everybody would notice the 0.6% increase. So being below standards doesnt mean there was no increase.

Maybe refunds are 'higher than normal' because more buyers are requesting refunds for whatever reason (no zoom; higher prices, Jupiter aligning with Mars ...)

Re that site, from the contributer newsletter:
"Our legal team continues to investigate this matter and we will keep you updated. That being said, please consider this a reminder to guard your iStockphoto credentials carefully. Do not use your iStock log in details at any other sites, and consider changing your passwords from time to time.

And while we�re on the topic of fraud, let�s talk about refunds. There is a lot of discussion in the forums about refunds at iStockphoto being �higher than normal� due to credit card fraud. This is simply not the case. We have a very robust set of fraud detection systems in place, and, in fact, our credit card fraud rates are below the standards set by the credit card companies."

I'm one of them who used their $2 promotion to buy an XS of my own -- a newly uploaded file, in my portfolio for one day, no views.  MyUploads, open in another window at the time, immediately showed a download of an XL, the largest size available for me.  iStock was notified.  I haven't seen a refund yet.  This was 11 days ago.  My purchase from istockreseller was done in an incognito window, with no cookies or caching or history or IP information going to them, with a throw-away account that has no connection to my real name or email address.  They have no paypal info or credit card info from me, and I've received no other emails from them or anyone else (which frankly surprised me, as I expected a boatload of spam).  The downloaded file went immediately into the trash without being opened (who knows what they might have embedded in them). 

With several people doing this now and providing all the detail to iStock (and one would assume iStock would be doing this to, to track the payer of these), I question the "very robust set of fraud detection systems".  Someone is paying for these large size purchases from iStock.  I still believe that if this happened to Amazon or BestBuy or your bank, this would not still be going on almost a month after first being reported.  Can it be that difficult to track where it's coming from when they get paid for these?

I understand some of the responses and Sean's blog post -- no, the site probably hasn't been "hacked" -- but someone is getting our images.  This is taking the fun out of getting downloads, because now I instantly wonder if they are legitimate, and if I will find myself going into the hole after the next payout (I also don't understand the time delay for the refunds).

Quote from: ShadySue on November 29, 2012, 18:11

Re that site, from the contributer newsletter:
"Our legal team continues to investigate this matter and we will keep you updated. That being said, please consider this a reminder to guard your iStockphoto credentials carefully. Do not use your iStock log in details at any other sites, and consider changing your passwords from time to time.

And while we�re on the topic of fraud, let�s talk about refunds. There is a lot of discussion in the forums about refunds at iStockphoto being �higher than normal� due to credit card fraud. This is simply not the case. We have a very robust set of fraud detection systems in place, and, in fact, our credit card fraud rates are below the standards set by the credit card companies."

I'm one of them who used their $2 promotion to buy an XS of my own -- a newly uploaded file, in my portfolio for one day, no views.  MyUploads, open in another window at the time, immediately showed a download of an XL, the largest size available for me.  iStock was notified.  I haven't seen a refund yet.  This was 11 days ago.  My purchase from istockreseller was done in an incognito window, with no cookies or caching or history or IP information going to them, with a throw-away account that has no connection to my real name or email address.  They have no paypal info or credit card info from me, and I've received no other emails from them or anyone else (which frankly surprised me, as I expected a boatload of spam).  The downloaded file went immediately into the trash without being opened (who knows what they might have embedded in them). 

With several people doing this now and providing all the detail to iStock (and one would assume iStock would be doing this to, to track the payer of these), I question the "very robust set of fraud detection systems".  Someone is paying for these large size purchases from iStock.  I still believe that if this happened to Amazon or BestBuy or your bank, this would not still be going on almost a month after first being reported.  Can it be that difficult to track where it's coming from when they get paid for these?

I understand some of the responses and Sean's blog post -- no, the site probably hasn't been "hacked" -- but someone is getting our images.  This is taking the fun out of getting downloads, because now I instantly wonder if they are legitimate, and if I will find myself going into the hole after the next payout (I also don't understand the time delay for the refunds).

^^^ Brilliant post Karen, thanks for sharing your experience. I really, really don't understand what is actually going on here.

Perhaps iStock is preparing some legal action and need to lay low while they do so. that would explain the deleted threads.
One can hope.

Perhaps the scam site is doing the same thing, collecting information until they get shut down and then going to pillage and plunder with all the information they have gathered.

Good work! Let's hope it helps.

I think all of us should write an email to CloudFlare, which looks like a legitimate company, and tell them they are hosting a fraud site that is selling illegal copyrighted content.

If we all flood CloudFlare's abuse box with threatening emails I can imagine the site with be taken down in less than 24 hours.

We should also send emails to GoDaddy informing them they have registered a domain for someone that is using it to commit fraud.

Hopefully GoDaddy will lock the domain soon as well.

My emails are already sent to both entities already. The more the better though. Please join the effort and send emails as well.

If we can get this domain locked and the site taken down then its game over for these fraudsters.

Obviously whatever efforts iStock has made to take the site down has been unsuccessful so far as the site is still up and running as of now. If you want to protect your work then I think you should all make a joint effort to get the site taken down as soon as possible.

If thats the case I still think they would have an interest in discontinuing service to a site that is using their service for fraud. Godaddy should also be interested in locking the domain for the same reason.

How else can we find out then where the site is actually being hosted?

As a result, this site sounds like some sort of group that is trying harm iStock and resell iStock content without harming its contributors.

That makes sense.  I just couldn't see why they would bother paying money or even making it look as if they were paying money.

It seems the most plausible answer is that the people behind this illegal site have obtained an illegitimate API access key somehow which allows them to get access to any contributor content they want on the iStock site for free.

That doesn't sound plausible at all.  If they wanted content, they could download it all without setting up a site somewhere under your guess.

Now, perhaps they have gained usernames and passwords somewhere, so that every time they download an image, it is on a different account.

By the way, the nameservers changed in the last few days.  They were located in Vietnam, and also the welcome email was reported to be from there as well.

The HostGator thing was me.  I found a link on their site that returned a hostgator error page.  Can't find it now.

Reply from abuse @ cloudflare.com. Although they can't take the site down they can stop providing service to the site:

"Please complete the abuse/phishing reporting form located here to
submit your report --> https://www.cloudflare.com/abuse/

Future abuse/phishing reports will only be accepted via that form.

Please provide specific and direct URLs to the content you claim to be
infringing. Lack of specific details may result in the report being
denied.

Note -- CloudFlare is NOT a web host for this or any other website. We
don't provide web hosting services for any site except for
cloudflare.com. We have no way to remove content from a website."

That doesn't sound plausible at all.  If they wanted content, they could download it all without setting up a site somewhere under your guess.

Now, perhaps they have gained usernames and passwords somewhere, so that every time they download an image, it is on a different account.

It seems they setup the site not to download, but to resell content they steal from iStock. Yes, downloading could be done without a site of course. But it seems they want to make money reselling the stolen content, thus the site.

They could also be using stolen usernames and passwords of buyer accounts that have credits in order to download files illegally as you suggested, but that would likely mean that every time a buyer tries to buy a stolen file through istockreseller that it would have to first be manually downloaded by the thieves and then sent to the buyer later.

I haven't surfed the illegal site myself to see how it works, but the download process is more likely immediate and not delayed, which would suggest it is an automated process using a script and a hacked API key of some sort to obtain the file in real time and then provide it to the buyer when a file is chosen and downloaded from the illegal site.

It doesnt explain how you can get an XS image for 2$ and see a XL DL for 11$.

It doesnt explain how you can get an XS image for 2$ and see a XL DL for 11$.

My assumption is that the scammer is buying the largest size (that happened with all the test sales that I'm aware of; XS purchased from scammer, XL downloaded from IS) to resell in the future. I'm also assuming that there will be a refund for the XL once IS sorts out the paperwork. I haven't heard of anyone getting the refund yet

I think that's the point. The hackers seem to have found a security hole that maybe iStock isn't even aware exists and that's why iStock can't plug it.

It doesnt explain how you can get an XS image for 2$ and see a XL DL for 11$.

My thought is its a subscription account, so the cost is 'less'.

F*^%$! I wasn't going to visit the site so as to not provide them traffic, but now that I've taken a quick look, I want this sorted yesterday. Here we go.

------------------------------------------------
MATTHEW PRINCE - co-founder and CEO of CloudFlare:

http://www.linkedin.com/in/mprince

"Attorney and corporate executive with substantial writing and public speaking experience. Substantial work with government and law enforcement officials in the United States and abroad."

Member of "Anti-fraud experts" and other internet security bodies.

QUESTION: How will Mr Prince look to his customers, clients and associates in the legal world when it becomes known his company is providing services to the very fraudsters he purports to fight?
------------------------------------------------

Will post more as info comes in. Don't stand by, people, take action. You only have yourselves to blame if your property is stolen from you while you do nothing about it.

Makes you wonder how long this type of fraud has been going on @istock and it could explain the long history of charge backs.

Karma is a bitch when ypu stab so many in the back.

It could even be a former employee who got the shaft; in lew of the usual scum who atract scum scenario.

Here's a better idea: tell Apple they are using their logo for iPhoto on their website. Maybe Apple will move in on them faster.