
account hacked ???

Started by luissantos84, February 10, 2014, 01:16


YadaYadaYada

Quote from: luissantos84 on February 19, 2014, 18:23
guess I won't use it again, will stick with agency uploader(s)

They did not hack FileZilla, they hacked your whole computer. Passwords you stored for FileZilla are in unencrypted files. They have everything that was not encrypted on your whole computer.
Take your content and go. - Jon Oringer.

Colette

Filezilla usernames and passwords are indeed saved on your hard disk in plain text. (C: Users/(your username)/Appdata/Roaming/Filezilla/Sitemanager.xml)
But data (usernames and passwords included) are also sent over the internet unencrypted.
(That is with all FTP software afaik. It is possible to make a secured connection with FTP, but not with the stock agencies. This must be done from both sides. They all use standard FTP and that is not encrypted. Correct me if I am wrong.)

For better safety you can choose to not save the passwords in Filezilla (or other FTP client), but to use software like Keepass and copy and paste your passwords each time when you need them. Delete the logs afterwards.

Or install a portable version of an FTP client on a usb-stick and start from there. This way passwords are not saved on your hard disk. (Of course this method is useless when you have your usb-stick attached to your computer all the time.)

But using all these solutions, the usernames, passwords and data are still sent unencrypted over the internet. So perhaps the best (but also most time-consuming) solution is logging in at an agency and using their upload features.

Filezilla is open-source software, so when data should be encrypted, info about the encryption is also open. As the maker says about this: "It is not a bug, it is a feature."

By the way: When someone has got access to the user account on your computer it is also possible to make your saved passwords visible in Firefox. To prevent people from doing so, you can set a master password in Firefox. (You can find this in: Extra/Options/Safety)
I am not sure about how other browsers handle this.
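A way to check what Colette's post describes, as an added example that is not part of the original thread: the script below audits a site-manager file and reports, per saved site, whether a recoverable password is on disk and whether the connection is plain FTP, without ever printing the password. The XML layout (Server, Host, Protocol, User, Pass, the encoding attribute, and Protocol 0 meaning plain FTP) is an assumption about FileZilla's file format, and the sample entries and hostnames are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout assumed for FileZilla's sitemanager.xml.
SAMPLE = """<FileZilla3><Servers>
  <Server>
    <Host>ftp.agency-one.example</Host>
    <Protocol>0</Protocol>
    <User>alice</User>
    <Pass>constructed-secret</Pass>
  </Server>
  <Server>
    <Host>ftp.agency-two.example</Host>
    <Protocol>0</Protocol>
    <User>alice</User>
    <Pass encoding="base64">Y29uc3RydWN0ZWQ=</Pass>
  </Server>
  <Server>
    <Host>sftp.agency-three.example</Host>
    <Protocol>1</Protocol>
    <User>alice</User>
  </Server>
</Servers></FileZilla3>"""

def audit_sitemanager(xml_text):
    """Return one finding per saved site; the password itself is never returned."""
    findings = []
    for server in ET.fromstring(xml_text).iter("Server"):
        pw = server.find("Pass")
        has_pw = pw is not None and bool((pw.text or "").strip())
        encoding = pw.get("encoding", "none") if has_pw else None
        # Assumption: Protocol 0 is plain FTP, so credentials cross the wire unencrypted.
        plain_ftp = (server.findtext("Protocol") or "0").strip() == "0"
        findings.append({
            "site": server.findtext("Host"),
            "password_on_disk": has_pw,
            # base64 is an encoding, not encryption: anyone with the file can reverse it.
            "recoverable": has_pw and encoding in ("none", "base64"),
            "cleartext_transport": plain_ftp,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_sitemanager(SAMPLE):
        print(finding)
```

Any site flagged as recoverable should have its password changed at the agency and removed from the client; a site flagged for cleartext transport stays exposed on the network even when nothing is saved on disk.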

luissantos84

Quote from: YadaYadaYada on February 25, 2014, 13:26
Quote from: luissantos84 on February 19, 2014, 18:23
guess I won't use it again, will stick with agency uploader(s)

They did not hack FileZilla, they hacked your whole computer. Passwords you stored for FileZilla are in unencrypted files. They have everything that was not encrypted on your whole computer.

easy man, I don't have sex tapes or other ;D

luissantos84

Quote from: Uncle Pete on February 25, 2014, 02:54
Do you have a Mac Luis?

As for Filezilla, if you download from a trusted site, like the source, it's fine. If you just search for "download filezilla" you could be at risk. I use cnet.com or tucows. But don't blame the software product for something that's got another cause.

don't have a Mac and I have downloaded Filezilla from their website not from a torrent somewhere, it's freeware anyway ;D

case is solved and portfolio online for a few days

stockphotoeurope

#29
As Colette wrote, plain FTP - in use at every agency except Veer - transmits login and password unencrypted over the internet; and some web uploaders too. So it's easy for a hacker to capture that information not just from your pc but from packet sniffing.

So the only secure thing to do would be to use two different passwords, one for safe https login and one for FTP, but unfortunately most agencies don't; I guess hackers are more interested in stealing our money than uploading pictures to our account.

luissantos84

Quote from: stockphotoeurope on February 25, 2014, 17:48
As Colette wrote, plain FTP - in use at every agency except Veer - transmits login and password unencrypted over the internet; and some web uploaders too. So it's easy for a hacker to capture that information not just from your pc but from packet sniffing.

So the only secure thing to do would be to use two different passwords, one for safe https login and one for FTP, but unfortunately most agencies don't; I guess hackers are more interested in stealing our money than uploading pictures to our account.

which FTP program are you using?

stockphotoeurope

#31
Quote from: luissantos84 on February 25, 2014, 17:56
which FTP program are you using?

Cross FTP. Because it works on Linux too, and while I use Windows for editing, I use an old Linux netbook for nighttime uploads: silent, energy-saving way to avoid keeping my main PC on at night.

Anyway, I don't think the FTP client makes any difference as far as safety is concerned.

Colette

About the why and who of the hacking I have no idea. It is done by accident I suppose. Hackers search for money. Stealing images doesn't make much sense, (although perhaps it is possible that some websites with dubious content get their unwatermarked images this way. There is a huge market for all sorts of data, so it is also sellable.)

People are always the weakest chain. When they find someone using the same password for all the agencies AND paypal account... bingo!
The reason to try to avoid this is, of course, the trouble that it brings, not the risk of stolen images in the first place.
Most likely (or is it propably?) Luis has done nothing wrong, but only had bad luck.


Uncle Pete

Absolutely no blame or criticism for Luis. I think the answer has been cleared up, what I was trying to say and didn't do very well, was anything that stores passwords unencrypted, Filezilla is one, and ftp itself has security issues.

Classical FTP clients, web page editors, file managers. Popular applications like DreamWeaver, CuteFTP, Total Commander, etc. account for majority of FTP credentials leaks. It's not limited to Filezilla.

I use ws_ftp which encrypts passwords but as has been pointed out, if someone hacks the site that I connect to, or reads the data transfer, or gets into my system and copies that file... I'm not any better off.

Glad to hear it was repaired. Hope to not hear any more of these from anyone else.

sfe-co2

#34
Hi all,

My Bigstock account got hacked, similar to Luis, except the email and FTP is now [email protected]. That's changed from my original email, and my earnings have been taken too. I know this because the Bigstock account is open on another computer.

Can't log back in once I log out since the hacker changed my login password.

The forum is quite long. I shall try and read the threads, but if someone could help in the meantime, that'll be great.

Thanks in advance.

lbarn

Luis got burned by using filezilla FTP program, he contacted big stock and they restored his account.  Filezilla data dumps were posted online with lots of usernames/passwords in them.  I stopped using filezilla after this incident.

Contact big stock through their website, they should be able to restore your acct.

dbvirago

I just got an email from them saying that I can reset my password by following a link. The link was legit, but I had not requested my password be reset. I first went to the site and saw that I had been logged out and it wouldn't let me log in with my current password. I changed the password and sent them an email.

redo

I changed my password at bigstock, cause someone changed my girlfriend's password at bigstock. She reset the password and now it works. But someone looked in her account and now has her address and paypal-mail. Not good. She asked bigstock why this could happen and is waiting for a response.

redo

#38
But when I tried to log in a second time, it didn't work. So bigstock thought I stole my own password or what?

So, I mailed the support and wait for an answer.

ehrlif

I also could not log in as they would not accept my password. Had to change password and was able to log back in without issue. But, I am very concerned over personal info and how password was changed in the first place. Sent email to bigstock. Waiting for reply.... I am really hoping this was an internal glitch and not a hack.

Dodie

#40
I just received three emails from Bigstock:

- the first email prompts me to reset my password and announces the second one
- the second email provides a link to reset my password
- the third email knows nothing about the first two and announces me that my password was changed and I should contact support if I didn't request the change.

After reading the first email, I was wondering if it was authentic but when I went to sign in with the old password, I couldn't so I was forced to change it.

Quote from: redo on August 04, 2016, 18:42
I changed my password at bigstock, cause someone changed my girlfriend's password at bigstock. She reset the password and now it works. But someone looked in her account and now has her address and paypal-mail. Not good. She asked bigstock why this could happen and is waiting for a response.
This is not a Bigstock problem, unfortunately it is much bigger than that. In this case you should change all passwords on the double, gmail, PayPal..........

Here is an interesting article about this year's compromised emails. You can check if yours was compromised here and/or here.

dbvirago

Yeah, apparently I missed the first email, so all is good.

Stock Wife

We got these e-mails today, too. Does anyone actually have knowledge of what the concerns are here? The e-mails were suspicious and we didn't act on any links in them. But we did end up having to request a password change and making it. 
My husband is a stock photographer/videographer/designer. I'm the support staff.

LifeofRileyDesign

I got the email too this morning. What alarms me is the lack of detail:

Dear Marina,

To make sure you continue having the most secure experience possible on Bigstock, we’re regularly monitoring our site and the Internet to keep your account information safe. As part of this routine monitoring, we discovered a list of email addresses and passwords posted online. While the list was not Bigstock-related, we know that many customers reuse their passwords on multiple websites.

As a precaution, we would like to validate that your account information is up to date and accurate. You will be receiving a second email shortly with a link to reset your password.

If you have any additional concerns please contact Bigstock support.

Sincerely,

Bigstock Security Team


They are quick to say it's not Bigstock related - Who did it originate from then if it wasn't big stock? How many emails and passwords are involved? Hundreds? Thousands?

Bigstock is now part of Shutterstock - is it SS's fault? Is my SS account in danger too?

I don't trust these emails so I went to the site (did not click any link on any email) and changed my password that way.


Dodie

Quote from: LifeofRileyDesign on August 05, 2016, 04:00

They are quick to say it's not Bigstock related - Who did it originate from then if it wasn't big stock? How many emails and passwords are involved? Hundreds? Thousands?

Bigstock is now part of Shutterstock - is it SS's fault? Is my SS account in danger too?

I don't trust these emails so I went to the site (did not click any link on any email) and changed my password that way.

It's true, it is not BS related. I myself sent them an email on an irritated tone and now I regret it.

I left a link above about how these gangsters sell stolen accounts for 50 roubles.

Btw, how could you change your password without clicking on the link in the email? Once they send out the email they also block your account so you can't sign in with the old password any more?

Freezingpictures

Mine got hacked too. Today I received a message from Bigstock that my e-mail was changed to my original e-mail, the one I always had with them. But I did not change anything. At the same time I got a message "Your Bigstock payout email address has been updated to (PayPal) "
This was around midnight. Then I logged in to Bigstock this morning and saw that there was a payout of over $450 on July 11th . But I never requested it and it never reached my paypal account.

Lana

So many of us - I failed to log in to Bigstock with my old password yesterday. Then saw the same password reset email. I reset and logged in without problems afterwards, my earnings are untouched and so is my paypal account. Sorry to read someone's payouts are gone :o

dirkr

I also got those two emails. As I don't like clicking on links in emails (even if they do look legit) I sent a message to Bigstock support if this really came from them. No answer yet...
But, as others, I can't log in to my BS account any more with my old password...

r2d2

Quote from: dirkr on August 05, 2016, 11:52
I also got those two emails. As I don't like clicking on links in emails (even if they do look legit) I sent a message to Bigstock support if this really came from them. No answer yet...
But, as others, I can't log in to my BS account any more with my old password...

same here!
No agency should get more than 50% commission and together we can enforce that.

Bauman

Quote from: dirkr on August 05, 2016, 11:52
I also got those two emails. As I don't like clicking on links in emails (even if they do look legit) I sent a message to Bigstock support if this really came from them. No answer yet...
But, as others, I can't log in to my BS account any more with my old password...

Same here !