just opened my email account @ gmail and found out that my BigStock account has been hacked because I have an email from BigStock saying that my email address was changed to [email protected]

entered BigStock and it looks like the hacker got a plan that now has 98 credits and downloaded 16 pictures already

after logging out I can't log in anymore because they changed the password

cool stuff BigStock

Woah, that's a problem. Keep us posted.

Quote from: Mantis on February 10, 2014, 01:19
Woah, that's a problem. Keep us posted.

Hi Luis Santos,

Your account email address at Bigstock has been changed to [email protected].

Please use this new email address when logging into your Bigstock account. If you did not request this change or have any questions, just reply to this email.
   
   

Cheers,
The Bigstock Team
http://www.bigstockphoto.com

just replied, will see how it goes

Eek! That's crazy

Pretty gutsy for the thief to use a fraud.su name. Wonder why that didnt send a red flag to bigstock? Hope you get it straightened out.

Quote from: cathyslife stockphotos.com on February 10, 2014, 01:26
Pretty gutsy for the thief to use a fraud.su name. Wonder why that didnt send a red flag to bigstock? Hope you get it straightened out.

yeah, quite an usual name for hackers looking at google results

Hey Luis, I hope you thought about changing all of your passwords!  Sorry that happened to you, and I hope you can let us know that Bigstock is standing by you.

Yea, I thought that name was strange... I think some of these hackers do this to get hired somewhere.

My best to you also Luis


My Very Best
KimsCreativeHub.com

Have you used one of those third party tools / apps which require you to effectively give them your login details ? Or logged in using public or open wifi ?

Quote from: bunhill on February 10, 2014, 08:10
Have you used one of those third party tools / apps which require you to effectively give them your login details ? Or logged in using public or open wifi ?

no, I always login from the same IP, BigStock is now checking this out

6 days now

a few replies but still cannot log in and portfolio not online as well, not great indeed, even if they are being extra safe it is taking too long IMO

Quote from: luissantos84 on February 16, 2014, 01:34
6 days now

a few replies but still cannot log in and portfolio not online as well, not great indeed, even if they are being extra safe it is taking too long IMO

it sucks that an agency couldn't [wouldn't] quickly fix your account.  Maybe it's possible that they are trying to use your account to find the person involved and can't say anything. Who knows.  I hope they get it resolved soon, Luis.  Just SUCKS! 

It's a federal holiday here in the U.S. on Monday and some offices are closed too.  Not sure about BS but it could delay results further too.  I hope they get it resolved for you soon.

important notice

BigStock just sent me an email saying they believe it was a breach due to a website, I highly recommend you guys (contributors) to check if there is any place in the internet with your FTP credentials, I don't know how but there is one site that is displaying my username/email/password for over 20 agencies, really insane, somebody must have given that information, BigStock believes it was a third party service that uploads our images to multiple stock agencies but the most weird is that I never use that type of services, always on my pc and with filezilla

Quote from: luissantos84 on February 19, 2014, 16:09
important notice

BigStock just sent me an email saying they believe it was a breach due to a website, I highly recommend you guys (contributors) to check if there is any place in the internet with your FTP credentials, I don't know how but there is one site that is displaying my username/email/password for over 20 agencies, really insane, somebody must have given that information, BigStock believes it was a third party service that uploads our images to multiple stock agencies but the most weird is that I never use that type of services, always on my pc and with filezilla

This is concerning. Just because of this very reason, I never signed up or used any third party uploaders/sales report programs. This is just scary.

Do you know which "site" it was? How do you know that it was for over 20 agencies if you dont mind me asking?

on the famous http://pastebin.com/

this is quite a serious matter, don't know what I can do but this should be investigated properly

other contributor, it never ends, tons of txts loaded with this information

FileZilla warns of large malware campaign

QuoteSpoofed versions of the open source FTP program circulating on third-party websites are designed to steal log-in credentials

guess I won't use it again, will stick with agency uploader(s)

Quote from: luissantos84 on February 19, 2014, 18:23
guess I won't use it again, will stick with agency uploader(s)

Or FTP software like Fetch (Mac) or FTP Voyager (what I used to use on Windows pre 2008)

Quote from: Jo Ann Snover on February 19, 2014, 18:45

Quote from: luissantos84 on February 19, 2014, 18:23
guess I won't use it again, will stick with agency uploader(s)

Or FTP software like Fetch (Mac) or FTP Voyager (what I used to use on Windows pre 2008)

how can we be sure that those aren't going to be hacked?

Looks like windows FTP upload is the safest way!

Quote from: luissantos84 on February 19, 2014, 18:55

Quote from: Jo Ann Snover on February 19, 2014, 18:45

Quote from: luissantos84 on February 19, 2014, 18:23
guess I won't use it again, will stick with agency uploader(s)

Or FTP software like Fetch (Mac) or FTP Voyager (what I used to use on Windows pre 2008)

how can we be sure that those aren't going to be hacked?

In the case of Fetch, because the data that would be of interest to hackers isn't stored centrally anywhere (it's on my systems behind a firewall) and the software lives on my Macs having been purchased from a developer who would, I trust, inform users if somehow an update contained malware.

I stopped using Filezilla ages ago, when finding that all sensitive data is stored in plain text files on local pc. I always had antivirus, firewall and every imaginable security feature but I still didn't like how Filezilla developers actively refused to introduce some sort of encryption to login data - saying that its user's responsibility. I've been very happy with CuteFTP Pro since then

I didn't want to say anything because of past debates about Mac and security. But here's in the news:  http://news.yahoo.com/apple-readies-security-fix-mac-ios-flaw-214138710.html

"Cluley said Apple's iOS update fixed "a critical vulnerability that could allow hackers to intercept what should have been secure communications between your iPhone and SSL-protected websites. That means, potentially, online attackers could grab your user ID or passwords as you attempted to log into popular websites."

Do you have a Mac Luis?

As for Filezilla, if you download from a trusted site, like the source, it's fine. If you just search for "downlad filezilla" you could be at risk. I use cnet.com or tucows. But don't blame the software product for something that's got another cause.

Here's one cause: Trojan.Silentbanker is a Trojan horse that records keystrokes, captures screen images, and steals confidential financial information to send to the remote attacker.  Make sure your computer isn't still infected (if it was?)

Just because something steals passwords from one software, don't assume it was THAT software that caused it. Most of the time people get attacked by visiting infected sites or opening a file with the trojan built into something innocent looking.

But no matter what, run a virus software that checks before loading the system files, (in safe mode for you Windows users) or it can just regenerate itself on the next boot.