MicrostockGroup
Agency Based Discussion => Shutterstock.com => Topic started by: photostockad on October 16, 2015, 15:26
-
This message is normal? It goes to an unsecure page. I don't want to try forward .. Please see attachments.
-
I just experienced the same. Has already mailed support.
Anybody know if Shutterstock is being hacked?
-
That's odd, I'm curious what Shutterstock has to say about this.
-
Here's what I see when I click on the email verify link:
(http://i826.photobucket.com/albums/zz187/rimglow/trust_zpsuxbarzvu.jpg)
-
I've got the same message. Wondering, if it could be really necessary to confirm the email address after almost 7 years (in my case). So I think, this must be phishing!
-
I don't see the message. The only weird thing was having a batch fully aproved after review :P
-
I've got the same message. Wondering, if it could be really necessary to confirm the email address after almost 7 years (in my case). So I think, this must be phishing!
Well, if it's a phishing scam, I just fell for it. And I got a "confirm your email" link back that appears to be entirely legitimate.
Who knows why they might do this after so many years of accepting a certain email (like mine or yours), but IMHO it does appear to be legit.
-
Hi everyone,
We apologize for the confusion - we want to ensure that all users on our site are safe and secure and are taking an extra step to ensure that your data is safe. We have fixed the unsecure link now and would greatly appreciate if those that see the message can verify their email address. Thank you!
Vincent
-
Hi everyone,
We apologize for the confusion - we want to ensure that all users on our site are safe and secure and are taking an extra step to ensure that your data is safe. We have fixed the unsecure link now and would greatly appreciate if those that see the message can verify their email address. Thank you!
Vincent
Vincent, as long as you're here… can you possible change the ridiculous captcha routine that makes us jump through repetitive photo-identifying hoops whenever we try to log into our own accounts?
That's a fairly new wrinkle at SS, and it's not especially appealing.
Thanks!
-
Hi everyone,
We apologize for the confusion - we want to ensure that all users on our site are safe and secure and are taking an extra step to ensure that your data is safe. We have fixed the unsecure link now and would greatly appreciate if those that see the message can verify their email address. Thank you!
Vincent
Thank you, Vincent! Done!
-
I'm not sure anyone has ever gotten a Captcha right on their first try anywhere in the world.
-
It's fixed now.
-
Vincent, as long as you're here… can you possible change the ridiculous captcha routine that makes us jump through repetitive photo-identifying hoops whenever we try to log into our own accounts?
That's a fairly new wrinkle at SS, and it's not especially appealing.
Thanks!
[/quote]
+10 . i hate those capcha the first time. now the pictures are even more ridiculous.
yknow, even banks do not use capcha, so how necessary is this for stock agency. no one uses capcha because they are hopelessly illegible.
not one financial site uses this capcha thing. if it is that safe, banks , financial business,etc would use them.
-
Vincent, as long as you're here… can you possible change the ridiculous captcha routine that makes us jump through repetitive photo-identifying hoops whenever we try to log into our own accounts?
That's a fairly new wrinkle at SS, and it's not especially appealing.
Thanks!
+10 . i hate those capcha the first time. now the pictures are even more ridiculous.
yknow, even banks do not use capcha, so how necessary is this for stock agency. no one uses capcha because they are hopelessly illegible.
not one financial site uses this capcha thing. if it is that safe, banks , financial business,etc would use them.
+10 :(
They used to be food items: pizza, donuts, drinks, steak, hamburgers, etc. That was pretty easy to get right.
Now, though, you have to squint to figure out which 2-3 lo-res snips from a set of lousy photos show a construction vehicle or an RV, a car or a sailboat, a tricycle or a bicycle, street signs or business signs, etc. The images are almost always terrible… and certainly not good examples of the quality work that SS supposedly sells.
Do customers have to jump through these same ridiculous hoops? Or is it just us lowly contributors?
-
There is actually a bigger problem. The default log in page is not encrypted, it uses http rather than https. Chrome says the identity of the web site cannot be confirmed. The http site should automatically route users to the https site to ensure encryption is used to protect the data entered during log in by the user. This is web security 101.
Additionally when you manually enter the https vs http Chrome says the site uses weak security (SHA-1). Again Web Security 101. This was not the case previously. I suggest whoever is in charge needs to take a look at what is going on very carefully and users be very cautious.
-
Hi everyone,
We apologize for the confusion - we want to ensure that all users on our site are safe and secure and are taking an extra step to ensure that your data is safe. We have fixed the unsecure link now and would greatly appreciate if those that see the message can verify their email address. Thank you!
Vincent
Vincent, as long as you're here… can you possible change the ridiculous captcha routine that makes us jump through repetitive photo-identifying hoops whenever we try to log into our own accounts?
That's a fairly new wrinkle at SS, and it's not especially appealing.
Thanks!
Well that's kind of strange anyway - first thing I did is to come here and check why there's a need to verify long ago verified mail. Whenever I see somewhere in the internet "we pay you but you just need to click this" makes me feel uneasy. Also you send the "welcome new user" template that says it's a first step on becoming new contributor. "Thank you for taking the first step in becoming a Shutterstock contributor." -> I was kind of surprised and this made me suspicious that my account was somehow hacked. Would be nice to get the real message explaining like, "Hi _our dearest and most precious and we love you so much_ ;) user. We need to re-verify your mail, because of the reasons. [Put reasons here]. It's all ok, just click here and here."
-
Hi everyone,
We apologize for the confusion - we want to ensure that all users on our site are safe and secure and are taking an extra step to ensure that your data is safe. We have fixed the unsecure link now and would greatly appreciate if those that see the message can verify their email address. Thank you!
Vincent
The way it's worded reminds me a lot of regular spam e-mails. What if I don't want to click it? What happens then?
-
I also just noticed that my Paypal email address has been removed from my details on Shutterstock. This getting more concerning.
-
I verified my e-mail address as Vincent requested - and I too think that getting a "welcome" screen telling me I'm on the way to becoming a contributor is just amateur hour stuff. Harmless but indicates no one was paying attention to the details when doing this.
I did change my password, just as a precaution.
I also added my e-mail address for PayPal - which had become blank.
The first attempt gave me an error message saying the e-mail address wasn't properly formatted (it was). I did the same thing a second time and it succeeded and then I got this genius e-mail (I've changed the actual e-mail address):
Hi,
This email is to inform you that your account information below has recently been changed:
"Paypal/Moneybookers Email Address" was changed from "" to "me@foobar.com"
If you did not make these changes, please contact Shutterstock Support immediately.
Regards,
Shutterstock Support
It's possible that when the PayPal address is blank it will use your main e-mail address (which would be fine in my case), but it doesn't say that and I'd rather avoid payment problems next month.
-
"me@foobar.com"
Great creative email, Jo Ann. Love it! ;)
-
Sad that they take so little precautions with our security. Strange to see a site being thanked for exposing our accounts to theft.
I also just noticed that my Paypal email address has been removed from my details on Shutterstock. This getting more concerning.
There is actually a bigger problem. The default log in page is not encrypted, it uses http rather than https. Chrome says the identity of the web site cannot be confirmed. The http site should automatically route users to the https site to ensure encryption is used to protect the data entered during log in by the user. This is web security 101.
Additionally when you manually enter the https vs http Chrome says the site uses weak security (SHA-1). Again Web Security 101. This was not the case previously. I suggest whoever is in charge needs to take a look at what is going on very carefully and users be very cautious.