I can't believe it! Someone did actually hijacked my SXP account, and shortly after that my Fotolia account.

I contacted both agencies immediately, Fotolia was the most reactive, they asked me to call them and then canceled the credit conversion that the guy was trying to do.

SXP is currently investigating, I hope they will be able to recover my money (I had over $100).

Anyway I wonder how that could have happened because my password are impossible to guess and I only check my accounts on my personal computers

Of course I changed my password everywhere else, and interestingly enough only SXP and FL were hijacked. (I'm with about 10 agencies)

That is horrible. It could have been worse if you were on vacation and didn't check your accounts. I wont leave too much money in my accounts after reading this. The sites could improve this by sending us an email if a withdrawal request has been made to a new email address.

I am now pleased that they sometimes take a while to send us payments. That might be enough time to stop this happening.

__________________
istock-Shutterstock-Bigstock-Mostphotos-Dreamstime-Stockxpert

No kidding! Now I won't complain anymore that it takes a couple of days to cash out!

So with FTL the guy tried to convert ALL my credits to buy images, but they locked my account just in time.

With SXP, the guy changed my email, password, and paypal address and tried to cash out. But the SXP team got my emails just on time and recovered my account.

That was very close!!

Scary.....
But how could this happen?
Didnt SXp have a security issue a couple of weeks ago?
I think I read a warning on this forum about it.
Could it be related to that?

Wow. That's really scary! Especially when it comes to Fotolia, because they still haven't fixed that serious problem on the profile pages for US contributors.

Time to go change passwords.

__________________
Photography by Karin Lau | SmugMug Pro Account | Shutterstock | Mostphotos | StockXPert | Dreamstime | iStock | 123RF | BigStock

How did you figure it out? Were you just unable to login or was there some other indicator. I check each site at least once a day, but I'm not sure I know what to look for.

Ah....nevermind. I just got done reading your other thread. You were unable to login to either site.

__________________
ShutterStock
Dreamstime
iStockPhoto
Albumo
Fotolia

It happens because the vast majority of microstock sites do not use https for login, so data travels in clear from node to note and anyone having access to any of these nodes can log it. That's a lot of people.

Other than that, dictionary attack, or spyware in your PC.

OR... and I hate to even think this, someone at one of the sites, is stealing passwords and using them on other sites, or selling them.

I used to manage a bulletin board and when I worked for another site, I noticed that many people used the same password for everything, because it was easy to remember. Also easy to hijack!

It's also possible that someone hacked into one MicroStock site, got their database and user files, and then went to other sites.

Just some WAGuesses.

Personally I have a stenographers notebook, which is a real problem when I'm on the road without it, I don't lug it around, and I write down the password for each individual site. I don't have anything worth stealing, but just to try to prevent the potential hassles, I don't use the same password for anything financial. Forums are a little less secure, I use a number of different ones, but some are duplicated when I'm lazy. Not much interest from impersonators, when there's no financial gain involved.

I'd hate for someone to get into my PayPal account, because I used the same password at Bill and Ted's Excellent Adventure forum one time in 2005. :-D

Looks like hacking into Micro accounts is getting to be a problem. Didn't someone else have the same problem a few weeks ago?

Hopefully the person who did this, gave their own email and account information, so they can hang him by his... ah... own evidence. :twisted:

__________________

This is a reply on microstockgroup from an SXP person:-

__________________
istock-Shutterstock-Bigstock-Mostphotos-Dreamstime-Stockxpert

Steve is wrong, they did not get access to my email, I use a different password with my email accounts.

The very strange thing is that out of my 10 microstock accounts, only SXP then Fotolia got Hijacked. I work in IT so I know how to keep my PC free of spywares.

What needs to happen is a more secure profile!!! Why can't they implement basic security features, such as if you try to change core information like email address/password, they should send an email to your original email confirming the change.

Or do like paypal and ask for additional information: if you try to change email or password they ask for your full bank account number.