MicrostockGroup Sponsors


Author Topic: account hacked ???  (Read 13564 times)

0 Members and 1 Guest are viewing this topic.

« on: February 09, 2014, 20:16 »
+1
just opened my email account @ gmail and found out that my BigStock account has been hacked because I have an email from BigStock saying that my email address was changed to ryan@fraud.su

entered BigStock and it looks like the hacker got a plan that now has 98 credits and downloaded 16 pictures already

after logging out I can't log in anymore because they changed the password

cool stuff BigStock ;D



« Reply #1 on: February 09, 2014, 20:19 »
+2
Woah, that's a problem. Keep us posted.

« Reply #2 on: February 09, 2014, 20:21 »
0
Woah, that's a problem. Keep us posted.

Hi Luis Santos,

Your account email address at Bigstock has been changed to ryan@fraud.su.

Please use this new email address when logging into your Bigstock account. If you did not request this change or have any questions, just reply to this email.
   
   

Cheers,
The Bigstock Team
http://www.bigstockphoto.com


just replied, will see how it goes :)

« Reply #3 on: February 09, 2014, 20:25 »
+1
Eek! That's crazy

« Reply #4 on: February 09, 2014, 20:26 »
+1
Pretty gutsy for the thief to use a fraud.su name. Wonder why that didnt send a red flag to bigstock? Hope you get it straightened out.

« Reply #5 on: February 09, 2014, 20:33 »
0
Pretty gutsy for the thief to use a fraud.su name. Wonder why that didnt send a red flag to bigstock? Hope you get it straightened out.

yeah, quite an usual name for hackers looking at google results ;D

« Reply #6 on: February 09, 2014, 21:35 »
0
Hey Luis, I hope you thought about changing all of your passwords!  Sorry that happened to you, and I hope you can let us know that Bigstock is standing by you.

« Reply #7 on: February 10, 2014, 01:35 »
0
Yea, I thought that name was strange... I think some of these hackers do this to get hired somewhere.

My best to you also Luis


My Very Best :)
KimsCreativeHub.com

« Reply #8 on: February 10, 2014, 03:10 »
0
Have you used one of those third party tools / apps which require you to effectively give them your login details ? Or logged in using public or open wifi ?
« Last Edit: February 10, 2014, 04:54 by bunhill »

« Reply #9 on: February 10, 2014, 06:16 »
0
Have you used one of those third party tools / apps which require you to effectively give them your login details ? Or logged in using public or open wifi ?

no, I always login from the same IP, BigStock is now checking this out

« Reply #10 on: February 15, 2014, 20:34 »
+4
6 days now

a few replies but still cannot log in and portfolio not online as well, not great indeed, even if they are being extra safe it is taking too long IMO

« Reply #11 on: February 15, 2014, 21:34 »
+5
6 days now

a few replies but still cannot log in and portfolio not online as well, not great indeed, even if they are being extra safe it is taking too long IMO

it sucks that an agency couldn't [wouldn't] quickly fix your account.  Maybe it's possible that they are trying to use your account to find the person involved and can't say anything. Who knows.  I hope they get it resolved soon, Luis.  Just SUCKS! 

« Reply #12 on: February 15, 2014, 22:49 »
0
It's a federal holiday here in the U.S. on Monday and some offices are closed too.  Not sure about BS but it could delay results further too.  I hope they get it resolved for you soon.

« Reply #13 on: February 19, 2014, 11:09 »
0
important notice

BigStock just sent me an email saying they believe it was a breach due to a website, I highly recommend you guys (contributors) to check if there is any place in the internet with your FTP credentials, I don't know how but there is one site that is displaying my username/email/password for over 20 agencies, really insane, somebody must have given that information, BigStock believes it was a third party service that uploads our images to multiple stock agencies but the most weird is that I never use that type of services, always on my pc and with filezilla

stockphoto-images.com

« Reply #14 on: February 19, 2014, 11:24 »
0
important notice

BigStock just sent me an email saying they believe it was a breach due to a website, I highly recommend you guys (contributors) to check if there is any place in the internet with your FTP credentials, I don't know how but there is one site that is displaying my username/email/password for over 20 agencies, really insane, somebody must have given that information, BigStock believes it was a third party service that uploads our images to multiple stock agencies but the most weird is that I never use that type of services, always on my pc and with filezilla
This is concerning. Just because of this very reason, I never signed up or used any third party uploaders/sales report programs. This is just scary.

Do you know which "site" it was? How do you know that it was for over 20 agencies if you dont mind me asking?

« Reply #15 on: February 19, 2014, 11:26 »
+1
on the famous http://pastebin.com/

this is quite a serious matter, don't know what I can do but this should be investigated properly

« Reply #16 on: February 19, 2014, 12:10 »
+1
other contributor, it never ends, tons of txts loaded with this information


« Reply #17 on: February 19, 2014, 13:11 »
+2
FileZilla warns of large malware campaign

Quote
Spoofed versions of the open source FTP program circulating on third-party websites are designed to steal log-in credentials

« Reply #18 on: February 19, 2014, 13:23 »
0
guess I won't use it again, will stick with agency uploader(s)

« Reply #19 on: February 19, 2014, 13:45 »
+1
guess I won't use it again, will stick with agency uploader(s)

Or FTP software like Fetch (Mac) or FTP Voyager (what I used to use on Windows pre 2008)

« Reply #20 on: February 19, 2014, 13:55 »
0
guess I won't use it again, will stick with agency uploader(s)

Or FTP software like Fetch (Mac) or FTP Voyager (what I used to use on Windows pre 2008)

how can we be sure that those aren't going to be hacked? ;D

fritz

  • I love Tom and Jerry music

« Reply #21 on: February 19, 2014, 13:59 »
0
Looks like windows FTP upload is the safest way!

« Reply #22 on: February 19, 2014, 15:24 »
0
guess I won't use it again, will stick with agency uploader(s)


Or FTP software like Fetch (Mac) or FTP Voyager (what I used to use on Windows pre 2008)


how can we be sure that those aren't going to be hacked? ;D


In the case of Fetch, because the data that would be of interest to hackers isn't stored centrally anywhere (it's on my systems behind a firewall) and the software lives on my Macs having been purchased from a developer who would, I trust, inform users if somehow an update contained malware.
« Last Edit: February 19, 2014, 15:41 by Jo Ann Snover »

« Reply #23 on: February 19, 2014, 15:32 »
+3
I stopped using Filezilla ages ago, when finding that all sensitive data is stored in plain text files on local pc. I always had antivirus, firewall and every imaginable security feature but I still didn't like how Filezilla developers actively refused to introduce some sort of encryption to login data - saying that its user's responsibility. I've been very happy with CuteFTP Pro since then :)

Uncle Pete

« Reply #24 on: February 24, 2014, 21:54 »
+1
I didn't want to say anything because of past debates about Mac and security. But here's in the news:  http://news.yahoo.com/apple-readies-security-fix-mac-ios-flaw-214138710.html

"Cluley said Apple's iOS update fixed "a critical vulnerability that could allow hackers to intercept what should have been secure communications between your iPhone and SSL-protected websites. That means, potentially, online attackers could grab your user ID or passwords as you attempted to log into popular websites."

Do you have a Mac Luis?

As for Filezilla, if you download from a trusted site, like the source, it's fine. If you just search for "downlad filezilla" you could be at risk. I use cnet.com or tucows. But don't blame the software product for something that's got another cause.

Here's one cause: Trojan.Silentbanker is a Trojan horse that records keystrokes, captures screen images, and steals confidential financial information to send to the remote attacker.  Make sure your computer isn't still infected (if it was?)

Just because something steals passwords from one software, don't assume it was THAT software that caused it. Most of the time people get attacked by visiting infected sites or opening a file with the trojan built into something innocent looking.

But no matter what, run a virus software that checks before loading the system files, (in safe mode for you Windows users) or it can just regenerate itself on the next boot.

« Reply #25 on: February 25, 2014, 08:26 »
+1
guess I won't use it again, will stick with agency uploader(s)

Did not hack FileZilla they hacked you whole computer. Passwords you stored for FileZilla in unencrypted files. They have everything that was not encrypyed on your whole computer.

« Reply #26 on: February 25, 2014, 12:24 »
+2
Filezilla usernames and passwords are indeed saved on your harddisk in plain  text. (C: Users/(your username)/Appdata/Roaming/Filezilla/Sitemanager.xml)
But data (usernames and passwords included) are also send over the internet unencrypted.
(That is with all FTP software afaik. It is possible to make a secured connection with FTP, but  not with the stockagencies. This must be done from both sides. They all use standard FTP and that is not encrypted. Correct me if I am wrong.)

For better safety you can choose to not save the passwords in Filezilla (or other FTP client), but to use software like Keepass and copy and paste your passwords each time when you need them. Delete the logs afterwards.

Or install a portable version of FTP client on usb-stick and start from there. This way passwords are not saved on your harddisk. (Of course this method is useless when you have your usb-stick added to your computer all the time.)

But using all these solutions, this way the usernames, passwords and data are still send unencrypted over the internet. So perhaps the best (but also most timeconsuming) solution is logging in at an agency and using their upload features.

Filezilla is opensource software, so when data should be encrypted, info about the encryption is also open. As the maker says about this: It is not a bug, it is a feature.

By the way: When someone has got access to the useraccount on your computer it is also possible to make your saved passwords visible in Firefox. To avoid people from doing so, you can set a masterpassword in Firefox. (You can find this in: Extra/Options/Safety)
I am not sure about how other browsers handle this.

« Reply #27 on: February 25, 2014, 12:27 »
+1
guess I won't use it again, will stick with agency uploader(s)

Did not hack FileZilla they hacked you whole computer. Passwords you stored for FileZilla in unencrypted files. They have everything that was not encrypyed on your whole computer.

easy man, I don't have sex tapes or other ;D

« Reply #28 on: February 25, 2014, 12:30 »
+1
Do you have a Mac Luis?

As for Filezilla, if you download from a trusted site, like the source, it's fine. If you just search for "downlad filezilla" you could be at risk. I use cnet.com or tucows. But don't blame the software product for something that's got another cause.

don't have a Mac and I have downloaded Filezilla from their website not from a torrent somewhere, its freeware anyway ;D

case is solved and portfolio online for a few days

stockphotoeurope

« Reply #29 on: February 25, 2014, 12:48 »
+2
As Colette wrote, plain FTP - in use at every agency except Veer - transmits login and password unencrypted over the internet; and some web uploaders too. So it's easy for an hacker to capture that information not just from your pc but from packet sniffing.

So the only secure thing to do would be to use two different passwords, one for safe https login and one for FTP, but unfortunately most agencies don't; I guess hackers are more interested in stealing our money than uploading pictures to our account.
« Last Edit: February 25, 2014, 12:53 by stockphotoeurope »

« Reply #30 on: February 25, 2014, 12:56 »
0
As Colette wrote, plain FTP - in use at every agency except Veer - transmits login and password unencrypted over the internet; and some web uploaders too. So it's easy for an hacker to capture that information not just from your pc but from packet sniffing.

So the only secure thing to do would be to use two different passwords, one for safe https login and one for FTP, but unfortunately most agencies don't; I guess hackers are more interested in stealing our money than uploading pictures to our account.

which FTP program are you using?

stockphotoeurope

« Reply #31 on: February 25, 2014, 13:03 »
+1
which FTP program are you using?

Cross FTP. Because it works on Linux too, and while I use Windows for editing, I use an old Linux netbook for nighttime uploads: silent, energy-saving way to avoid keeping my main PC on at night.

Anyway, I don't think the FTP client makes any difference as far as safety is concerned.
« Last Edit: February 25, 2014, 13:33 by stockphotoeurope »

« Reply #32 on: February 25, 2014, 13:22 »
+1
About the why and who of the hacking I have no idea. It is done by accident I suppose. Hackers search for money. Stealing images doesn't make much sense, (although perhaps it is possible that some websites with dubious content get their unwatermarked images this way. There is a huge market for all sorts of data, so it is also sellable.)

People are always the weakest chain. When they find someone using the same password for all the agencies AND paypal account bingo!
The reason to try to avoid this is, of course, the trouble that it brings, not the risk of stolen images in the first place.
Most likely (or is it propably?) Luis has done nothing wrong, but only had bad luck.


Uncle Pete

« Reply #33 on: February 27, 2014, 02:37 »
+2
Absolutely no blame or criticism for Luis. I think the answer has been cleared up, what I was trying to say and didn't do very well, was anything that stores passwords unencrypted, Filezilla is one, and ftp itself has security issues.

Classical FTP clients, web page editors, file managers. Popular applications like DreamWeaver, CuteFTP, Total Commander, etc. account for majority of FTP credentials leaks. It's not limited to Filezilla.

I use ws_ftp which encrypts passwords but as has been pointed out, if someone hacks the site that I connect to, or reads the data transfer, or gets into my system and copies that file... I'm not any better off.

Glad to hear it was repaired. Hope to not hear any more of these from anyone else.

« Reply #34 on: August 02, 2016, 23:51 »
+1
Hi all,

My Bigstock account got hacked, similar to Luis, except the email and FTP is now newbielink:mailto:vladlen.gizzatullin.74@mail.ru [nonactive]. That's changed from my original email, and my earning have been taken too. I know this because the Bigstock account is open on another computer.

Can't log back in once I log out since the hacker changed my login password.

The forum is quite long. I shall try and read the threads, but if someone could help in the meantime, that'll be great.

Thanks in advance.
« Last Edit: August 03, 2016, 00:58 by sfe-co2 »

« Reply #35 on: August 03, 2016, 13:31 »
+1
Luis got burned by using filezilla FTP program, he contacted big stock and they restored his account.  Filezilla data dumps were posted online with lots of usernames/passwords in them.  I stopped using filezilla after this incident.

Contact big stock through their website, they should be able to restore your acct.

dbvirago

« Reply #36 on: August 04, 2016, 11:26 »
0
I just got an email from them saying that I can reset my password by following a link. The link was legit, but I had not requested my password be reset. I first went to the site and saw that I had been logged out and it wouldn't let me log in with my current password. I changed the password and sent them an email.

« Reply #37 on: August 04, 2016, 12:42 »
0
I changed my password at bigstock, cause someone changed the password from my girlfriend at bigstock. She resetted the password and now it works. But someone looked in her account, has now her adress and paypal-mail. Not good. She asked bigstock why this could happen and wait for a respond.

« Reply #38 on: August 04, 2016, 13:05 »
0
But when I tried to login a second time, it doesn't work. So bigstock thought I stealed my own password or what ?

So, I mailed the support and wait for an answer.
« Last Edit: August 04, 2016, 13:22 by redo »

« Reply #39 on: August 04, 2016, 15:18 »
0
I also could not log in as they would not accept my password. Had to change password and was able to log back in without issue. But, I am very concerned over personal info and how password was changed in the first place. Sent email to bigstock. Waiting for reply.... I am really hoping this was an internal glitch and not a hack.

« Reply #40 on: August 04, 2016, 16:37 »
0
I just received three emails from Bigstock:

- the first email prompts me to resetting my password and announces the second one
- the second email provides a link to reset my password
- the third email knows nothing about the first two and announces me that my password was changed and I should contact support if I didn't request the change.

After reading the first email, I was wondering if it was authentic but when I went to sign in with the old password, I couldn't so I was forced to changed it.

I changed my password at bigstock, cause someone changed the password from my girlfriend at bigstock. She resetted the password and now it works. But someone looked in her account, has now her adress and paypal-mail. Not good. She asked bigstock why this could happen and wait for a respond.

This is not a Bigstock problem, unfortunately it is much bigger than that. In this case you should change all passwords on the double, gmail, PayPal..........

Here is an interesting article about this year's compromised emails. You can check if yours was compromised here and/or here.
« Last Edit: August 04, 2016, 17:14 by Dodie »

dbvirago

« Reply #41 on: August 04, 2016, 18:17 »
0
Yeah, apparently I missed the first email, so all is good.

« Reply #42 on: August 04, 2016, 20:02 »
0
We got these e-mails today, too. Does anyone actually have knowledge of what the concerns are here? The e-mails were suspicious and we didn't act on any links in them. But we did end up having to request a password change and making it. 

« Reply #43 on: August 04, 2016, 22:00 »
0
I got the email too this morning. What alarms me is the lack of detail:

Dear Marina,

To make sure you continue having the most secure experience possible on Bigstock, we’re regularly monitoring our site and the Internet to keep your account information safe. As part of this routine monitoring, we discovered a list of email addresses and passwords posted online. While the list was not Bigstock-related, we know that many customers reuse their passwords on multiple websites.

As a precaution, we would like to validate that your account information is up to date and accurate. You will be receiving a second email shortly with a link to reset your password.

If you have any additional concerns please contact Bigstock support.

Sincerely,

Bigstock Security Team


They are quick to say it's not Bigstock related - Who did it originate from then if it wasn't big stock? How many email an passwords are involved? Hundreds? Thousands? 

Bigstock is now part of Shutterstock - is it SS's fault? Is my SS account in danger too?

I don't trust these emails so I went to the site (did not click any link on any email) and changed my password that way.


« Reply #44 on: August 05, 2016, 02:02 »
0

They are quick to say it's not Bigstock related - Who did it originate from then if it wasn't big stock? How many email an passwords are involved? Hundreds? Thousands? 

Bigstock is now part of Shutterstock - is it SS's fault? Is my SS account in danger too?

I don't trust these emails so I went to the site (did not click any link on any email) and changed my password that way.

It's true, it is not BS related. I myself sent them an email on an irritated tone and now I regret it.

I left a link above about how these gangsters sell stolen accounts for 50 roubles.

Btw, how could you change your password without clicking on the link in the email? Once they send out the email they also block your account so you can't sign in with the old password any more?

« Reply #45 on: August 05, 2016, 04:25 »
0
Mine got hacked to. Today I received a message from Bigstock that my e-mail was changed to my original e-mail the one I always had with them. But I did not change anything. At the same time I got a message "Your Bigstock payout email address has been updated to (PayPal) "
This was around midnight. Then I logged in to Bigstock this morning and saw that there was a payout of over $450 on July 11th . But I never requested it and it never reached my paypal account.

« Reply #46 on: August 05, 2016, 05:27 »
0
So many of us - I failed to log in to Bigstock with my old password yesterday. Then saw the same password reset email. I reset and logged in without problems afterwards, my earnings are untouched and so is my paypal account. Sorry to read someone's payouts are gone :o

« Reply #47 on: August 05, 2016, 05:52 »
0
I also got those two emails. As I don't like clicking on links in emails (even if they do look legit) I sent a message to Bigstock support if this really came from them. No answer yet...
But, as others, I can't log in to my BS account any more with my old password...

« Reply #48 on: August 05, 2016, 08:53 »
0
I also got those two emails. As I don't like clicking on links in emails (even if they do look legit) I sent a message to Bigstock support if this really came from them. No answer yet...
But, as others, I can't log in to my BS account any more with my old password...

same here!

« Reply #49 on: August 05, 2016, 09:20 »
0
I also got those two emails. As I don't like clicking on links in emails (even if they do look legit) I sent a message to Bigstock support if this really came from them. No answer yet...
But, as others, I can't log in to my BS account any more with my old password...

Same here !

« Reply #50 on: August 05, 2016, 10:15 »
0
No reaction from bigstock, but for me problem solved. clicked->forgot password. after this I got mail from bigstock to reset the password. I can login with new password.

« Reply #51 on: August 05, 2016, 13:01 »
0
Got a response from them, their emails were legit.
Clicking on the link in the second email just leads to the "forgotten email" page anyway. Could have had that easier...

« Reply #52 on: August 05, 2016, 14:13 »
+1
I received an answer too, they are just protecting us.

Quote
We apologize for the confusion.

This was not a breach to the Bigstock database.

There have been high profile breaches that have been made public recently and we occasionally scan this data programmatically in an effort to protect our users. As a precaution, we have reset passwords on accounts that may or may not have been compromised.

We can confirm that data in your account does not appear to have been changed.

We see that you were able to change your password and login.

Please let us know if you have any additional questions.

Kindest regards,

« Reply #53 on: August 05, 2016, 16:01 »
0
We also got an answer from bigstock and resetted the passwords.


 

Related Topics

  Subject / Started by Replies Last post
33 Replies
6624 Views
Last post December 09, 2012, 20:39
by gostwyck
10 Replies
5166 Views
Last post December 13, 2015, 12:12
by stockastic
10 Replies
4451 Views
Last post November 18, 2016, 06:55
by Millionstock.com
4 Replies
2529 Views
Last post August 22, 2017, 10:47
by niktol
12 Replies
2269 Views
Last post December 06, 2018, 12:09
by CDPiC

Sponsors

Microstock Poll Results