Author Topic: Time to change your passwords again?  (Read 5837 times)


« on: November 20, 2007, 11:33 »
0
I am clipping this from the talkmicro forum.  I hope that's okay to do, but I thought it was important for everyone to read.

  Today, 03:17 PM 
cphoto 
 StockXpert and Fotolia accounts hijacked

--------------------------------------------------------------------------------

I can't believe it! Someone actually hijacked my StockXpert account, and shortly after that my Fotolia account.

I contacted both agencies immediately, Fotolia was the most reactive, they asked me to call them and then canceled the credit conversion that the guy was trying to do.

StockXpert is currently investigating, I hope they will be able to recover my money (I had over $100).

Anyway, I wonder how that could have happened, because my passwords are impossible to guess and I only check my accounts on my personal computers.

Of course I changed my password everywhere else, and interestingly enough only StockXpert and FL were hijacked. (I'm with about 10 agencies)


and later...

cphoto 

No kidding! Now I won't complain anymore that it takes a couple of days to cash out!

So with FTL the guy tried to convert ALL my credits to buy images, but they locked my account just in time.

With StockXpert, the guy changed my email, password, and PayPal address and tried to cash out. But the StockXpert team got my emails just in time and recovered my account.

That was very close!!




« Reply #1 on: November 20, 2007, 11:38 »
0
omg that was very close~!

I think I'd better change my password right now!

The best way, I think, is to change the password every 3~6 months.

good luck guys!

« Reply #2 on: November 20, 2007, 12:03 »
0
Ouch!

Thanks for the reminder.... I just changed all of mine too!



« Reply #3 on: November 20, 2007, 12:27 »
0
wow.. ouch.... good thing he caught them!!

« Reply #4 on: November 20, 2007, 12:48 »
0
Can't the sites do more to protect our money?  Perhaps a second password for withdrawals or exchanging for credits would help.

« Reply #5 on: November 20, 2007, 12:49 »
0
Hi guys. We're still investigating this, but we think what might have possibly happened is that the hacker got into his e-mail first. You may want to consider changing your e-mail passwords too.

-Steve

cphoto

  • CreativeShot.com
« Reply #6 on: November 20, 2007, 15:29 »
0
First of all just want to thank Steve from StockXpert and Charles from Fotolia, both responded and took actions within hours.

My email account has a different password and I doubt anyone was ever able to get into it.  Even if they did, I did not see any trace of a "forgot password email" that could have led the hacker to my microstock account password.

Anyway I think it is time to make the profile page in all microstock sites more secure and implement basic features such as:

1) if someone tries to change his email or password, send an email to the old email to confirm the change.  That would immediately alert the account owner in case of hijacking
2) ask a security question whenever a critical change on the profile is made (like use forgot password question?)
3) use https on all login pages!
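
Suggestion 1 above, sketched as an added example that is not part of the original post or any agency's code: a sensitive profile change stays pending until a single-use, expiring token mailed to the address already on file is presented. The account store, outbox and function names are hypothetical, and the sketch extends the idea to the PayPal address as well as the email.

```python
import hashlib
import secrets
import time

# Hypothetical in-memory account store and mail outbox (constructed sample data).
ACCOUNTS = {"alice": {"email": "alice@old.example", "paypal": "alice@old.example"}}
PENDING = {}      # sha256(token) -> (user, field, new_value, expires_at)
OUTBOX = []       # (recipient, token) pairs standing in for sent emails
TOKEN_TTL = 3600  # seconds a confirmation link stays valid
SENSITIVE = {"email", "paypal"}


def token_digest(token):
    # Store only a hash so a leaked PENDING table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def request_change(user, field, new_value, now=None):
    """Queue a sensitive change and mail the confirmation to the OLD address."""
    if field not in SENSITIVE:
        raise ValueError("field does not need confirmation")
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    PENDING[token_digest(token)] = (user, field, new_value, now + TOKEN_TTL)
    # Recipient is the address on file before the change, never the requested one,
    # so the real owner is alerted even if the requester holds the password.
    OUTBOX.append((ACCOUNTS[user]["email"], token))
    return "pending"


def confirm_change(token, now=None):
    """Apply the change only for a known, unexpired, single-use token."""
    now = time.time() if now is None else now
    entry = PENDING.pop(token_digest(token), None)  # pop makes the token single-use
    if entry is None:
        return False
    user, field, new_value, expires_at = entry
    if now > expires_at:
        return False
    ACCOUNTS[user][field] = new_value
    return True
```
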


« Reply #7 on: November 20, 2007, 15:39 »
0
I'm using a new security thing called Sandboxie.  It's free.  It's only a modest program but every little extra security measure helps.

« Reply #8 on: November 20, 2007, 17:13 »
0
Steve,

Are you aware of other members' accounts being hacked?

Regards,
Adelaide

« Reply #9 on: November 20, 2007, 17:29 »
0
Be aware of the keyloggers as well. If somebody infiltrated into your system with a keylogger, changing passwords won't do any good.

cphoto

  • CreativeShot.com
« Reply #10 on: November 20, 2007, 17:48 »
0
Be aware of the keyloggers as well. If somebody infiltrated into your system with a keylogger, changing passwords won't do any good.

That's a great suggestion. 

In my case I use Spy Sweeper engine, so I should not have any spyware or keylogger in my system.

« Reply #11 on: November 20, 2007, 19:38 »
0
Hi,

It's terrible when such things happen.  I hope it doesn't happen to me...ahum...:-)

I have a double safety routine installed.  Incoming mail goes through an email checker (MailWasher Pro) that filters most spam and hack attempts.

Secondly, I always have my McAfee active in the background, highest settings; actually, I use the full package of theirs and never regretted it.  Mail is checked before it comes to my hard drive, Internet surfing is monitored also, alerting for possible dangerous sites etc... Regular checks of the drives are done on a daily basis... updates come in and are installed as soon as available, almost on a daily basis also...

Thirdly (is that correct grammar.?.)... for financial sites I won't let Firefox remember login passwords etc....  and I change those on a weekly basis.

And it also helps that the server I'm using here in Belgium has all users/clients behind a firewall, actively monitoring for hackers and blocking all attempts from what remotely looks like hacking/phishing etc... but informing you of the attempt and asking if you want to accept or not....

Sounds paranoid... nope... one can't be careful enough these days.

Patrick.

« Reply #12 on: November 21, 2007, 07:39 »
0
This is terrible! But I don't understand what good it will do to change the password if there is a security leak in the sites; no matter how often you change it, they will eventually get it correct. I know we have to choose strong passwords, but will it be enough to protect our accounts? I hope it will.
 this is indeed too bad!

« Reply #13 on: November 21, 2007, 09:42 »
0
The security leak is not in the sites, it is in your computer most likely. It is called a "key logger". It's basically a virus, trojan... you picked it up somewhere, and now it is sending everything you type to the person who infected you.

« Reply #14 on: November 21, 2007, 10:15 »
0
The security leak is not in the sites, it is in your computer most likely. It is called a "key logger". It's basically a virus, trojan... you picked it up somewhere, and now it is sending everything you type to the person who infected you.
I see, my reaction was because lately there were some reports mentioning some security leaks on StockXpert. First I thought it was related to that, and secondly, as for Ft, it doesn't allow stronger passwords, by only allowing letters and numbers to be used in passwords; that was what I was referring to. But you are absolutely right, it is us who should take care of our data in the first place.

cphoto

  • CreativeShot.com
« Reply #15 on: November 21, 2007, 10:18 »
0
The security leak is not in the sites, it is in your computer most likely. It is called a "key logger". It's basically a virus, trojan... you picked it up somewhere, and now it is sending everything you type to the person who infected you.

Not in my case, I have an antispyware (Spy Sweeper) and antivirus (McAfee Security Center) running ALL the time with automatic download of latest virus/spyware definitions.

Also, if someone had access to what I type on my PC, I would imagine he would have hijacked something a little bit more interesting, such as my bank account, PayPal account or email account!  And not just 2 of my microstock accounts.  For instance, I had much more money in my istock account.

cphoto

  • CreativeShot.com
« Reply #16 on: November 21, 2007, 10:21 »
0
The security leak is not in the sites, it is in your computer most likely. It is called a "key logger". It's basically a virus, trojan... you picked it up somewhere, and now it is sending everything you type to the person who infected you.


Also I was going through the forum and found an interesting thread:  It looks like there was a security hole with StockXpert, that is fixed now, but the hacker could have got the passwords at the time... http://www.microstockgroup.com/index.php?topic=2747.0


cphoto

  • CreativeShot.com
« Reply #17 on: November 21, 2007, 16:12 »
0
One thing I just realized: the hacker waited until I had exactly $100 in my account to change the password to his.

So he might have known my password for a couple of weeks already and he was just waiting...

If you're getting close to your payout keep monitoring your account, just in case.

« Reply #18 on: November 22, 2007, 11:51 »
0
cphoto, I'm sorry this happened and thank you for sharing your unfortunate experience.   I hope you find some resolution to this and that the agencies take responsibility for your earnings.

I'm sure there are many out there who use the same password for many places.  Banks, on-line accounts, forums.  Bad people have to work somewhere, and it would be so easy for a bad staff member to steal account member passwords.    And we (microstockers) all seem to hang out at the same places - the same agencies, the same blogs, the same forums.  Oh, boy... imagine signing up to some forum with your paypal e-mail address and your password, the same one that you use on all your microstock accounts.  Yikes.  I'm too old to memorize passwords anymore, and the older I get the longer the passwords get too, with a combination of upper/lower case letters, a few numbers....  My cheat sheet is getting pretty long.

It just bothers me that there are people smart enough to pull it off and who have the desire and the time to steal 100 bucks.  I suppose it's a matter of stealing several x 100 bucks.   Boy, I sure hope they are feeding a starving child with that money and not blowing it up their nose.

cphoto

  • CreativeShot.com
« Reply #19 on: November 22, 2007, 13:13 »
0
Fortunately both Fotolia and StockXpert were both very reactive and canceled the payment request.  No money was lost.

The hacker was trying to send the money from both accounts to his Moneybookers account (I still have his Moneybookers email address in my account).

I now use a different password on each site that I plan on changing every month.

« Reply #20 on: November 22, 2007, 13:16 »
0
In order to keep track of passwords, KeePass is a great open-source software product.

You can read about it here:

http://en.wikipedia.org/wiki/Keepass

You can find it here:

http://keepass.info/

« Reply #21 on: November 22, 2007, 13:55 »
0
Yeah, I use KeePass as well.

« Reply #22 on: November 22, 2007, 14:19 »
0
Fortunately both Fotolia and StockXpert were both very reactive and canceled the payment request.  No money was lost.

The hacker was trying to send the money from both accounts to his Moneybookers account (I still have his Moneybookers email address in my account).

I now use a different password on each site that I plan on changing every month.
What country are you in?  Are you (or the agency) forwarding the information to Police/RCMP/FBI - whatever?   Moneybookers must require banking info which would require id at some point, wouldn't it?

vonkara

« Reply #23 on: November 22, 2007, 14:33 »
0
I think a good thing to do is, when you are close to your payout, change the password, at that time only. It seems the better time to do it, without changing it like Bill Gates would do. ;) Unless some people reach payout every week...


 
