MicrostockGroup

Agency Based Discussion => Shutterstock.com => Topic started by: VUSschneider on December 04, 2018, 02:40

Title: My Shutterstock account hacked
Post by: VUSschneider on December 04, 2018, 02:40
Hi,
yesterday my shutterstock account was hacked. They changed email account and payment infos. I can`t login to the account. I`ve contacted Shutterstock yesterday but i have not heard anything.
Has anyone ever happened?
Title: Re: My Shutterstock account hacked
Post by: Chichikov on December 04, 2018, 04:29
Not only you.
https://forums.submit.shutterstock.com/topic/95897-everyone-check-your-account-settings/?tab=comments#comment-1719487
Title: Re: My Shutterstock account hacked
Post by: pixel86 on December 04, 2018, 07:14
Thanks for the heads up...checking now.edit: all good, but then I had changed my pw a couple weeks ago when someone reported a hack, but others said it wasn't.
Title: Re: My Shutterstock account hacked
Post by: mindstorm on December 04, 2018, 10:44
Yep. Happened to me earlier this year.

I got an automated email from SS saying my payment info had changed -- it now went to some bank in Eastern Europe.  That wasn't me...

I managed to log on (had to jump through a couple hoops because they had changed the password, but I did manage to get in).  I then changed my password to something stronger -- AND UNIQUE TO SS -- and then changed the bank info back to my own bank.

I then sent an email to SS, telling them of the unauthorized change, and my response to it.  I heard back from them a couple days later. Clearly a personal email. The SS support person thanked me for letting them know, and said they would have told me to do exactly what I had already done, and thanked me for taking that action.

I expect my experience was then entered into a database somewhere in SS to let them know the extent of the problem, and perhaps help them come up with ways to stop the incursion.
Title: Re: My Shutterstock account hacked
Post by: HughStoneIan on December 04, 2018, 10:50
This just proves how effective the wonderful recaptcha is!!
Title: Re: My Shutterstock account hacked
Post by: Dumc on December 04, 2018, 11:29
what has recaptcha got to do with people using weak password and probably same password everywhere.
Title: Re: My Shutterstock account hacked
Post by: Pauws99 on December 04, 2018, 11:58
what has recaptcha got to do with people using weak password and probably same password everywhere.
and what do you base that statement on? I think it has more to do with being required to use the same password as the sign in for insecure FTP.
Title: Re: My Shutterstock account hacked
Post by: Dumc on December 04, 2018, 12:21
captcha is for preventing automated bots to log in, not for anti-hacking. When the system is hacked, thousand users would be affected, not just one or two. Hackers use brute force to try to guess pasword and that how it was probably done. I'vve had few occasions in the last months, warning from google that someone was trying to login to my email acccount.
Title: Re: My Shutterstock account hacked
Post by: mindstorm on December 04, 2018, 13:23
Hackers use brute force to try to guess pasword and that how it was probably done.

That is how they used to do it. More recently, they hack large databases where they can skim millions of passwords. They then go through various other sites trying the same email/password combinations to see which ones get unlocked.

That is why you have probably gotten a slew of emails saying they saw you on a porn site playing with yourself on your camera, which they controlled.  Actually not at all true, but they took the passwords they gleaned from one of the mass attacks and sent out the emails, knowing that a few would fall for it and pay the ransom.  They only need a very tiny percentage to succeed to reap themselves millions of $ in profit...

And BTW, I don't think I have EVER seen a captcha on SS.  When I log in, I am directly on my dashboard.
Title: Re: My Shutterstock account hacked
Post by: Not Today on December 04, 2018, 15:00
Don't forget when changing password... 12 characters is the minimum recommended.

https://www.betterbuys.com/estimating-password-cracking-times/assets/images/password_time_and_length.jpg (https://www.betterbuys.com/estimating-password-cracking-times/assets/images/password_time_and_length.jpg)
Title: Re: My Shutterstock account hacked
Post by: k_t_g on December 04, 2018, 17:42
You don't thing they managed to use a "hack program" besides the usual password hack?
Because this is exactly what it smells like to me.

Helpful info:
Here is one way to secure: https://lastpass.com/getlastpass1.php?n=1&mcomb=sa8Igu52I|139371278098|lastpass|e|i8rbbhb5l0|c&cvosrc=ppc.google.lastpass&cvo_campaign={campid}&cvo_crid=139371278098&Matchtype=e&gclid=EAIaIQobChMIzqSJi9Pr1QIV17rACh3cMAZYEAAYASAAEgLmJPD_BwE (https://lastpass.com/getlastpass1.php?n=1&mcomb=sa8Igu52I|139371278098|lastpass|e|i8rbbhb5l0|c&cvosrc=ppc.google.lastpass&cvo_campaign={campid}&cvo_crid=139371278098&Matchtype=e&gclid=EAIaIQobChMIzqSJi9Pr1QIV17rACh3cMAZYEAAYASAAEgLmJPD_BwE)
And here is a more traditional method; Make a nice long password. Long as you can. Must be different then other passwords you have on other sites you use. make them with numbers, letters in both regular and capitals and also use symbols. The same with questions and answers. Make crazy question and answers but use plenty of spelling mistakes, nonsense words and again use symbols. Bunch some words. Have a little black book for your questions and answers and passwords so you don't forget or save them in a thumb drive.
Use those double notification security functions that come with many sites.
All good info till they make "a better mouse trap" in the future.
Hopefully soon.  ;)
Title: Re: My Shutterstock account hacked
Post by: gnirtS on December 05, 2018, 05:09
Shutterstocks FTP is the biggest security hole in the entire thing.

Same username and password as the main site and no encryption at all so details sent plain text for all to see.
Title: Re: My Shutterstock account hacked
Post by: CDPiC on December 06, 2018, 12:09
#metoo and Creative Market as well. Check your account. creative Market hasnt auto payout but i seen in time and reported.
Creative Market Hack Account PayPal: mariko.o220.01kolemds@gmail.com