MicrostockGroup
Agency Based Discussion => Shutterstock.com => Topic started by: VUSschneider on December 04, 2018, 02:40
-
Hi,
yesterday my shutterstock account was hacked. They changed email account and payment infos. I can`t login to the account. I`ve contacted Shutterstock yesterday but i have not heard anything.
Has anyone ever happened?
-
Not only you.
https://forums.submit.shutterstock.com/topic/95897-everyone-check-your-account-settings/?tab=comments#comment-1719487
-
Thanks for the heads up...checking now.edit: all good, but then I had changed my pw a couple weeks ago when someone reported a hack, but others said it wasn't.
-
Yep. Happened to me earlier this year.
I got an automated email from SS saying my payment info had changed -- it now went to some bank in Eastern Europe. That wasn't me...
I managed to log on (had to jump through a couple hoops because they had changed the password, but I did manage to get in). I then changed my password to something stronger -- AND UNIQUE TO SS -- and then changed the bank info back to my own bank.
I then sent an email to SS, telling them of the unauthorized change, and my response to it. I heard back from them a couple days later. Clearly a personal email. The SS support person thanked me for letting them know, and said they would have told me to do exactly what I had already done, and thanked me for taking that action.
I expect my experience was then entered into a database somewhere in SS to let them know the extent of the problem, and perhaps help them come up with ways to stop the incursion.
-
This just proves how effective the wonderful recaptcha is!!
-
what has recaptcha got to do with people using weak password and probably same password everywhere.
-
what has recaptcha got to do with people using weak password and probably same password everywhere.
and what do you base that statement on? I think it has more to do with being required to use the same password as the sign in for insecure FTP.
-
captcha is for preventing automated bots to log in, not for anti-hacking. When the system is hacked, thousand users would be affected, not just one or two. Hackers use brute force to try to guess pasword and that how it was probably done. I'vve had few occasions in the last months, warning from google that someone was trying to login to my email acccount.
-
Hackers use brute force to try to guess pasword and that how it was probably done.
That is how they used to do it. More recently, they hack large databases where they can skim millions of passwords. They then go through various other sites trying the same email/password combinations to see which ones get unlocked.
That is why you have probably gotten a slew of emails saying they saw you on a porn site playing with yourself on your camera, which they controlled. Actually not at all true, but they took the passwords they gleaned from one of the mass attacks and sent out the emails, knowing that a few would fall for it and pay the ransom. They only need a very tiny percentage to succeed to reap themselves millions of $ in profit...
And BTW, I don't think I have EVER seen a captcha on SS. When I log in, I am directly on my dashboard.
-
Don't forget when changing password... 12 characters is the minimum recommended.
https://www.betterbuys.com/estimating-password-cracking-times/assets/images/password_time_and_length.jpg (https://www.betterbuys.com/estimating-password-cracking-times/assets/images/password_time_and_length.jpg)
-
You don't thing they managed to use a "hack program" besides the usual password hack?
Because this is exactly what it smells like to me.
Helpful info:
Here is one way to secure: https://lastpass.com/getlastpass1.php?n=1&mcomb=sa8Igu52I|139371278098|lastpass|e|i8rbbhb5l0|c&cvosrc=ppc.google.lastpass&cvo_campaign={campid}&cvo_crid=139371278098&Matchtype=e&gclid=EAIaIQobChMIzqSJi9Pr1QIV17rACh3cMAZYEAAYASAAEgLmJPD_BwE (https://lastpass.com/getlastpass1.php?n=1&mcomb=sa8Igu52I|139371278098|lastpass|e|i8rbbhb5l0|c&cvosrc=ppc.google.lastpass&cvo_campaign={campid}&cvo_crid=139371278098&Matchtype=e&gclid=EAIaIQobChMIzqSJi9Pr1QIV17rACh3cMAZYEAAYASAAEgLmJPD_BwE)
And here is a more traditional method; Make a nice long password. Long as you can. Must be different then other passwords you have on other sites you use. make them with numbers, letters in both regular and capitals and also use symbols. The same with questions and answers. Make crazy question and answers but use plenty of spelling mistakes, nonsense words and again use symbols. Bunch some words. Have a little black book for your questions and answers and passwords so you don't forget or save them in a thumb drive.
Use those double notification security functions that come with many sites.
All good info till they make "a better mouse trap" in the future.
Hopefully soon. ;)
-
Shutterstocks FTP is the biggest security hole in the entire thing.
Same username and password as the main site and no encryption at all so details sent plain text for all to see.
-
#metoo and Creative Market as well. Check your account. creative Market hasnt auto payout but i seen in time and reported.
Creative Market Hack Account PayPal: [email protected]