MicrostockGroup Sponsors


Author Topic: URGENT! Security failure at Stockxpert!  (Read 8067 times)

0 Members and 1 Guest are viewing this topic.

XPTO

« on: December 21, 2010, 04:24 »
0
URGENT

Today, after I've accessed the stockxpert site I've noticed I was logged on into another member account!

It seemed my log-in was still active from my last access but it directed me to another member account.

I even checked the downloads, saw the accumulated money, etc., and I even think I could have changed the payment address and ask the money (haven't checked) since all was normal in the site and only after a while I've noticed it wasn't my account.

This is extremely serious and I wonder if someone is accessing my account too.

Please verify this situation, and contact StockXpert support if you verify this too..


« Reply #1 on: December 21, 2010, 04:36 »
0
I see my account as usual...

« Reply #2 on: December 21, 2010, 07:13 »
0
URGENT

Today, after I've accessed the stockxpert site I've noticed I was logged on into another member account!

It seemed my log-in was still active from my last access but it directed me to another member account.

I even checked the downloads, saw the accumulated money, etc., and I even think I could have changed the payment address and ask the money (haven't checked) since all was normal in the site and only after a while I've noticed it wasn't my account.

This is extremely serious and I wonder if someone is accessing my account too.

Please verify this situation, and contact StockXpert support if you verify this too..

This has happened to others in the past as well. Not something new. Never seems to get fixed.
I just don't think IS cares about this stuff anymore.

Microbius

« Reply #3 on: December 21, 2010, 07:56 »
0
That's what I was going to say. I remember a similar thread not too many months ago.
I think IStock has so many mistakes to clean up at the moment getting it sorted must be on the end of a very long list!

« Reply #4 on: February 08, 2011, 04:17 »
0
So, I opened the StockXPert page today morning, logged into my account and then navigated away. When I returned to the page bit later during the same browser session, I noticed that I'm still logged in but to a different account (with much greater balance). I thought 'crap'. Logged out and logged in again with my credentials. And so I was back to my account. Then I checked my balance just to notice someone has requested payment at 2:26 AM my time yesterday (when I was asleep).

My profile still has the same correct paypal address. I don't know if it is possible for someone to change it, request payment and then change it back, so that I don't notice anything. I'm not sure if payment address is recorded at the moment of payment request and goes with the payment or if it is used at the moment of payment processing from the account.

Anyway, this is real crap.

EDIT: I've contacted support and requested them to verify the payment is going to correct Paypal address. Anyhow, this is pretty serious security issue.
« Last Edit: February 08, 2011, 04:27 by Danicek »

grp_photo

« Reply #5 on: February 08, 2011, 10:47 »
0
This leads to one question does the Stockagencies in general control if the Paypal-Account is registered to the same name as the contributor or do simply transfer using the email and don't even look at the real name or maybe even can't?

Does anybody now this?

WarrenPrice

« Reply #6 on: February 08, 2011, 11:03 »
0
This (the login/account problem) is not a new "feature."  It has happened to me more than once and I have reported it more than once. 

All occurrences were after StockXpert was acquired by that other entity.

microstockphoto.co.uk

« Reply #7 on: February 08, 2011, 11:18 »
0
that entity is a community and money doesn't make you happy - so what's the matter if someone else can access your account and ask for a payout instead of you?
« Last Edit: February 08, 2011, 11:25 by microstockphoto.co.uk »

« Reply #8 on: February 08, 2011, 13:40 »
0
This (the login/account problem) is not a new "feature."  It has happened to me more than once and I have reported it more than once.  

All occurrences were after StockXpert was acquired by that other entity.

Yes, I know it is not new, although this is the first time it happened to me. What makes it special (at least for me :]) is that someone went ahead and requested the payout of may $58.

lisafx

« Reply #9 on: February 08, 2011, 14:08 »
0

Yes, I know it is not new, although this is the first time it happened to me. What makes it special (at least for me :]) is that someone went ahead and requested the payout of may $58.

Exactly!  That certainly takes the issue to a whole new level.  And of course it demonstrates the real and significant danger of this particular bug.   :o

« Reply #10 on: February 08, 2011, 17:24 »
0
This (the login/account problem) is not a new "feature."  It has happened to me more than once and I have reported it more than once.  

All occurrences were after StockXpert was acquired by that other entity.

Yes, I know it is not new, although this is the first time it happened to me. What makes it special (at least for me :]) is that someone went ahead and requested the payout of may $58.

WOW! :o :o :o

« Reply #11 on: February 09, 2011, 00:47 »
0
Wow!! This is unbelievable!  I guess we need to be very careful about logging out everytime we are done at StockXpert

« Reply #12 on: February 09, 2011, 05:32 »
0
This (the login/account problem) is not a new "feature."  It has happened to me more than once and I have reported it more than once.  

All occurrences were after StockXpert was acquired by that other entity.

Yes, I know it is not new, although this is the first time it happened to me. What makes it special (at least for me :]) is that someone went ahead and requested the payout of may $58.

WOW! :o :o :o

Of course, it is possible someone else logged in, was directed to the wrong account-yours, saw the money and thought it was his account, requested a payment.  Hopefully, You will get your payment and hopefully the other guy or gal will find out this site is not secure and they did not have $58 dollars in their account.

« Reply #13 on: February 09, 2011, 05:54 »
0
 I don't know why you think this is serious. Not costing StockXpert anything so how is it serious?

WarrenPrice

« Reply #14 on: February 09, 2011, 11:07 »
0
I don't know why you think this is serious. Not costing StockXpert anything so how is it serious?

That is sort of what I tried so ineptly to say.  It has been going on for about a year and has been reported several times.  They don't seem to care ... The Getty syndrome.

« Reply #15 on: February 09, 2011, 16:22 »
0
Just curious, was it a single event or are people reporting such problems?

IT people, humpf! Always messing up with software so they are needed eternally.  ;D

« Reply #16 on: February 11, 2011, 16:23 »
0
Just curious, was it a single event or are people reporting such problems?

It was not a single event, it happens to various people from time to time (as Warren points out for more than a year).

The support guy (Darek, obviously in charge of StockXpert stuff at IS) got back to me in timely manner and in very polite tone and said he will ensure the payment goes to my Paypal address. He did not said whether it was already going to my address or if someone indeed attempted to get the money.

Anyhow, he did not sound surprised to hear I just got to someone else account and someone else got to mine. Obviously a known bug.

« Reply #17 on: February 11, 2011, 16:54 »
0
what?, glad I deleted my account. Somehow I think the priority for fixing anything on StockXpert would be absolutely zero.

« Reply #18 on: February 12, 2011, 11:28 »
0
Yes, apparently it is closed to zero. On the other hand they disclosing personal account information and allowing people to steal from others by not fixing it. That is rather serious issue.


 

Related Topics

  Subject / Started by Replies Last post
7 Replies
5091 Views
Last post August 01, 2007, 17:27
by hospitalera
11 Replies
7597 Views
Last post October 10, 2010, 06:46
by Ploink
24 Replies
7054 Views
Last post November 19, 2011, 04:59
by Batman
10 Replies
3481 Views
Last post November 01, 2013, 11:29
by Kerioak~Christine
56 Replies
30257 Views
Last post April 19, 2015, 16:56
by KnowYourOnions

Sponsors

Mega Bundle of 5,900+ Professional Lightroom Presets

Microstock Poll Results

Sponsors