Someone hacked my account - please help
Nicci
Registered Users Posts: 436 Major grins
Someone changed my login info/email and changed my site. I can't find a number to call. Please help! :cry
Homepage • Popular
JFriend's javascript customizations • Secrets for getting fast answers on Dgrin
Always include a link to your site when posting a question
This waiting game is ridiculous and now someone has access to my entire site and was able to lock me out by changing the email address.
Even Twitter sends a confirmation email to the old email address before implementing any changes.
Portfolio • Workshops • Facebook • Twitter
The very fastest way to get us is http://smugmug.com/help/emailreal
We never close, 365 days a year.
How did your account get compromised - did you give out your password?
Also, they keep putting a slideshow of weird overweight people.
Thankfully I was still logged in so I can keep changing the way the page looks to the public, but that is it.
With information so sensitive on this site, why wouldn't you confirm with the old email address before updating to a new one?
My heart rate is elevated!
Nicole - no need to post more here. Rich has all your tickets at the help desk.
But there are security issues with the site that others should know of, no? I have not been satisfactorily helped AND I made him aware of security issues that would allow someone to make changes even after the email address and password were changed. And then after I was told it was resolved, more changes were made to my site that I am told is not fixable.
So all of my work is down the drain and there are still security problems on my site?
I am sorry if I seem upset, but all of this could have been prevented. The person that did this to me called himself a "malevolent hacker" and was somehow able to obtain access to my site without my permission.
There was no security in place to prevent him from changing my email address. (simple confirmation to old email address would have prevented this)
AND, there was no security in place to prevent him from making further changes once the email address and password were changed by SmugMug. As long as he did not log out on his computer, he was able to make more changes to my site and essentially destroy it.
Then I was told that SmugMug can't fix the changes he made.
Does any of this seem fair?
Hi Nicole, I'm investigating, please stand by.
Thank you because changes are still being made now and I have no control.
PLEASE help me put my site back how it was. The major changes were not made until after I was told the email address and pw were changed. I shouldn't have to be going through this for something preventable.
- Andy
Thank you Andy. I am still waiting on some answers and fixes, but things look a lot better than before.
Also, it appears as if there are some security issues with the site that need to be worked out.
For instance, if someone gains access to your account and changes your email address, there is no "safety net" of a confirmation email to the old email address.
Also, if a user believes their account has been compromised and changes their email address and/or password, anyone currently logged into the account can still make changes to the SmugMug site as long as they do not sign out of the site.
So in my case, I alerted SmugMug to the problem and my email address and password were changed. I was told the problem was solved. But then after that, I sat here and watched more and more of my site change and I had no control over it.
In my opinion, this is a big problem that not only should be fixed, but I think it is only fair that current users are notified that all of their work (customizations and photos) can easily be compromised - even if they change their login info.
I am a newer user, and I love SmugMug so far even with this incident. But if I had known this was an issue, I would have handled things differently. Is there a way to either fix the security problem right away, or send a message to users letting them know of the issue?
This email confirms that your email address has successfully been changed to XXX. From now on, you'll need to use XXX to log in to your SmugMug account.
Thanks for being a part of the SmugMug family!
http://www.smugmug.com
That is how I found out the account had been hacked, but I was locked out. They attempted to do the same with my Twitter account, but Twitter sends an email to the old address before allowing the change to be valid. And Twitter is not holding a photographer's original works. Don't you think there should be more security in place and/or users should be aware of the vulnerability?
Additionally, it still stands that if a user realizes that their account is compromised and they change the login info, that does not lock out anyone who may have already obtained access to the account.
I was told that I would be assisted further yesterday, but Rich did not get back to me.
I was told that things could go back how they were and they aren't there yet.
I simply would like help putting things back the way they were or I would like an answer to the questions that I emailed Rich about me needing to go back and fix everything.
The person who obtained access to my account only made some minor changes. However, even after Rich changed the email and password and removed some of the horrible things he was posting, the hacker continued to make changes to my site. He could not stop him.
In order to attempt to rectify the problem, Rich created a whole new account for me and closed the one the hacker was using. That is because of the security vulnerability. There was no way to lock the hacker out as long as he didn't sign off.
In doing so, I lost all the site-wide settings and customizations that were still there before Rich duplicated the account.
So understandably, I am still a bit upset and wondering why it was not resolved yesterday as I was told?
However, I would rather have someone get back to me within the time frame I was told. At least let me know you all need more time.
I would like to know what is going on please.
And will these security issues be resolved?
We've been digging in google cache, and working to get your site back, Nicole. All weekend. Please have patience, Rich will get back to you, I promise.
We're looking at this. Thanks for pointing it out!
Apologies for impatience, I understood I would hear something Saturday and was concerned when I didn't.
Thank you for all your help. Things are almost back to normal.
It was so stressing to watch it all go down the tubes. Although my site looks very simple, it actually took me a great deal of time to sort through all the available customizations and get things how I preferred. I am very new to all of this.
I hadn't even been able to finish uploading my galleries and get things going! The only thing I completed was my design and customization and I couldn't believe I had to watch it all get flushed!
Whew. I still wish I knew how he obtained my password. I found out the person that did this was someone who helped me with my portal page at humansafterall.com. But he did no work on and did not have access to my SmugMug account.
Did you have the same password in both places?
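
The two gaps raised in this thread (an email change that takes effect with no confirmation to the old address, and sessions that stay valid after the password or email is changed) can be closed as sketched below. This is an added example, not SmugMug's code and not part of any post; `AccountStore` and every method name are hypothetical, and password verification is assumed to happen before `issue_session` is called.

```python
import secrets

class AccountStore:
    """In-memory sketch; every name here is hypothetical, not SmugMug's."""

    def __init__(self):
        self.accounts = {}  # user -> {"email", "epoch", "pending"}
        self.sessions = {}  # token -> (user, epoch when the session was issued)
        self.outbox = []    # (recipient, code) pairs stand in for real mail

    def register(self, user, email):
        self.accounts[user] = {"email": email, "epoch": 0, "pending": None}

    def issue_session(self, user):
        # Called only after password verification, which is out of scope here.
        token = secrets.token_urlsafe(16)
        self.sessions[token] = (user, self.accounts[user]["epoch"])
        return token

    def session_user(self, token):
        user, epoch = self.sessions.get(token, (None, None))
        # A session is live only if issued under the current credential epoch.
        if user is None or self.accounts[user]["epoch"] != epoch:
            return None
        return user

    def credentials_changed(self, user):
        # Run on every password reset or email change, by the user or by support.
        self.accounts[user]["epoch"] += 1  # revokes all earlier sessions

    def request_email_change(self, token, new_email):
        user = self.session_user(token)
        if user is None:
            return False
        acct = self.accounts[user]
        acct["pending"] = (new_email, secrets.token_urlsafe(16))
        # The code goes to the OLD address; the login email stays unchanged.
        self.outbox.append((acct["email"], acct["pending"][1]))
        return True

    def confirm_email_change(self, user, code):
        acct = self.accounts[user]
        pending = acct["pending"]
        if pending is None or not secrets.compare_digest(pending[1], code):
            return False
        acct["email"], acct["pending"] = pending[0], None
        self.credentials_changed(user)
        return True
```

Because every request is checked through `session_user`, a browser that never signs out loses access the moment `credentials_changed` runs, and an email change requested from a hijacked session stays pending until someone with access to the old mailbox supplies the code.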