iStockphoto Phished, Flushed

Filed under:Technology — posted by cehwiedel on March 5, 2009 @ 5:18 am

The big Getty-owned microstock photo site was the target of a phishing attack yesterday, as reported by Jason Kincaid at TechCrunch. Site administrators followed security protocol and took the site offline.

In the community news section of the restored iStockphoto website, kkthompson addressing the attack:

This afternoon a phishing attack was conducted in the forums and through sitemail. This attack created a fake istockphoto.com login screen, prompted the user for a username & password, saved them to a malicious server, then redirected the user back to the iStockphoto main page.

Some Q&A:

Is my credit card information safe?
iStockphoto does not store any credit card information, so there is no financial information to breach.

Is your site secure?
Our site is secure. We detected this attempted breach within minutes and implemented our security protocol: because we weren’t sure how far-reaching it was, we took the site down to eliminate further exposure.

What should I do now?
Step 1: Please reset your iStock Password

Step 2: As a precaution, please make sure you reset all your online passwords on other sites if they happen to be the same as the one you use on iStockphoto.

Another microstock site, BigStockphoto, alerted its own affiliates:

Always beware of emails from any online site that randomly appear, specifically asking you to log into your account. You’re all probably well aware of emails like this that appear to be from Paypal and eBay.

BigStockPhoto sends out one email to NEW USERS upon sign up, asking them to click a link to validate their accounts. Aside from that, we do not send out emails asking users to log in to their accounts.

BigStockPhoto sends a standard newsletter about once a month with related deals, news, etc. **We do not send out emails asking you to verify and log into your account for no other reason.** If you are unsure, please contact service@bigstockphoto.com at any time.

You can tell a phishing/fake email by looking at the URL you are directed to. If it does not show “bigstockphoto.com/” as the top level domain name, it’s fake.

Transparency note: I sell photos through both BigStockphoto and iStockphoto.

Click an icon to share this post through a social bookmarking site:
  • blinkbits
  • BlinkList
  • co.mments
  • del.icio.us
  • Digg
  • Fark
  • Furl
  • NewsVine
  • Reddit
  • StumbleUpon
  • TailRank
  • Technorati
  • YahooMyWeb

zero comments so far »

Please won't you leave a comment, below? It'll put some text here!

Copy link for RSS feed for comments on this post or for TrackBack URI

Leave a comment

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

(required)

(required)




image: manual typewriter

Bad Behavior has blocked 36 access attempts in the last 7 days.