MicrostockGroup

Agency Based Discussion => Envato => PhotoDune => Topic started by: Sandeel on May 19, 2014, 16:25

Title: "We need you to change your password"
Post by: Sandeel on May 19, 2014, 16:25

Trying to log in to PhotoDune, I'm getting a page with the following message:

"Hi there. We need you to change your password.
...
An email has been sent to (my E-mail address) with further instructions and a link that you'll need to follow. Click on the link, enter a new password and you'll be back in business.
..."

I might be paranoid, but is it safe to click on a link in such an E-mail? Isn't that a common way to steal passwords? Have you got that message too, and how do you know it's really from Envato?

Thanks.

Title: Re: "We need you to change your password"
Post by: disorderly on May 19, 2014, 16:35

It's wise to be concerned, but in this case the instructions are real.  They are dealing with the aftermath of the Heartbleed bug, which might have let someone get to your current password on any websites that relied on OpenSSL for their security.  Now that they have patched their sites, everybody needs to change passwords to be safe.  And to be doubly secure, make sure you use a different, unguessable password at each site.

To verify the instructions you were given, examine the URL in the email and make sure it goes to one of Envato's domains.  Don't just look at the URL as it appears in the email; look at the HTML code to see where it really points.  If the domain in the URL looks weird or you just aren't sure, contact Envato's support people.

Title: Re: "We need you to change your password"
Post by: Sandeel on May 19, 2014, 17:35

Thanks a lot disorderly, that's very helpful.  :)