pancakes

MicrostockGroup Sponsors


Author Topic: Has Shutterstock been hacked today?  (Read 3449 times)

0 Members and 1 Guest are viewing this topic.

langstrup

« on: October 16, 2015, 15:44 »
0
Just got a message to verify my email. The message is in the top of my personal contributor page at Shutterstock.

I clicked the link, but then got to a unsecure page that my computer stopped. Does anybody know something?

Has already mailed support!


« Reply #1 on: October 16, 2015, 15:50 »
0
I just got this too. >:(

« Reply #2 on: October 16, 2015, 15:53 »
+1
Same for me. Clicked to verify but got blocked with an "Insecure" message from IE. Probaly best to avoid until SS confirm officially on their site that this is genuine.


« Reply #4 on: October 17, 2015, 01:52 »
0
Hi everyone,

We apologize for the confusion - we want to ensure that all users on our site are safe and secure and are taking an extra step to ensure that your data is safe. We have fixed the unsecure link now and would greatly appreciate if those that see the message can verify their email address. Thank you!

Vincent
There is actually a bigger problem. The default log in page is not encrypted, it uses http rather than https. Chrome says the identity of the web site cannot be confirmed. The http site should automatically route users to the https site to ensure encryption is used to protect the data entered during log in by the user. This is web security 101.

Additionally when you manually enter the https vs http Chrome says the site uses weak security (SHA-1). Again Web Security 101. This was not the case previously. I suggest whoever is in charge needs to take a look at what is going on very carefully and users be very cautious.
« Last Edit: October 17, 2015, 01:54 by dcdp »

« Reply #5 on: October 17, 2015, 04:58 »
+1
I also just noticed that my Paypal email address has been removed from my details on Shutterstock. This getting more concerning.

« Reply #6 on: October 17, 2015, 06:41 »
0
Hi everyone,

We apologize for the confusion - we want to ensure that all users on our site are safe and secure and are taking an extra step to ensure that your data is safe. We have fixed the unsecure link now and would greatly appreciate if those that see the message can verify their email address. Thank you!

Vincent

Well it's not working for me!
"x This certificate is not valid (host name mismatch)"

Noedelhap

  • www.colincramm.com

« Reply #7 on: October 17, 2015, 07:45 »
0
I also just noticed that my Paypal email address has been removed from my details on Shutterstock. This getting more concerning.

Same here. Why is that?

« Reply #8 on: October 17, 2015, 08:04 »
0
Thank you for pointing that out.
My paypal email has also vanished.

« Reply #9 on: October 17, 2015, 08:32 »
0
My paypal email is still there, where it's always been, on SS.

« Reply #10 on: October 17, 2015, 09:05 »
0
My paypal email is still there, where it's always been, on SS.

Same here.

« Reply #11 on: October 17, 2015, 09:08 »
0
Hi everyone,

We apologize for the confusion - we want to ensure that all users on our site are safe and secure and are taking an extra step to ensure that your data is safe. We have fixed the unsecure link now and would greatly appreciate if those that see the message can verify their email address. Thank you!

Vincent

Well it's not working for me!
"x This certificate is not valid (host name mismatch)"

It's working now and the paypal email is also fine.

« Reply #12 on: October 17, 2015, 09:35 »
+2
They were asleep at the wheel when the site was being hacked.

BS users reporting that their paypal email had been changed and payment had been requested. http://tinyurl.com/oa286l2

"I woke up this morning to emails from BS saying I'd changed my payment email. And apparently initiated paypal payment to the new address. I can't figure out how to change my password there and I'm furious. How can BS (owned by SS) allow payment to be made within moments of changing your email?

Check your accounts folks. If you can figure out how to change your password there, I would suggest doing so.

They also changed the name on my account... and I can't get in to fix the profile. "


And now they "need to verify that our email address is correct". Please at least admit you have been hacked.


"Verify your email

Is this the address you'd like associated with your account?


 

Related Topics

  Subject / Started by Replies Last post
14 Replies
4431 Views
Last post July 19, 2016, 08:20
by Pauws99
4 Replies
2747 Views
Last post August 22, 2017, 10:47
by niktol
6 Replies
2078 Views
Last post August 30, 2017, 04:40
by Sammy the Cat
38 Replies
7845 Views
Last post January 24, 2018, 17:59
by JimP
12 Replies
2526 Views
Last post December 06, 2018, 12:09
by CDPiC

Sponsors

Microstock Poll Results