Today I received an e-mail from Collis Ta’eed, the CEO of Envato. Envato is a multi-million business, and they sell various scripts and images through various kinds of marketplaces. An attack took place today and, as it appears, the attackers managed to get the full list of the members' emails and passwords.
The passwords were not encrypted! This outrageous fact has provoked a very strong reaction from all of Envato's customers, and more specifically from the members of tutsplus, who now have to change all their passwords.
On the Internet we have the habit of using a password we have memorized more than once, with the result that if there is a security breach somewhere, our password ends up in the wrong hands.
Envato says that the attackers' targets are now PayPal, Moneybookers and other payment services accounts, as well as the e-mail account.
I believe this situation is ridiculous, that they do not have the members' passwords salted and encrypted.
Here is the original email:
I'm Collis Ta’eed, CEO of Envato. We run Tuts+ Premium (tutsplus.com). I am writing to you with urgent and important information about a security breach on the Tuts+ Premium service. You are receiving this email because at some point in our history you have signed up an account with Tuts+ Premium with the username: ggirtsou.
Today we learned that our server was compromised, and sensitive data including email addresses and passwords were accessed before we were able to detect and stop the unauthorized intrusion. We have taken immediate measures to take Tuts+ Premium offline and to secure the servers and systems. However because passwords and details have been compromised, you should take immediate action as follows:
-- Why You Are Getting this Email
If you have ever signed up to Tuts+ Premium, even if you didn't follow through with a payment, or your account expired, then your username/password/details were in our database. We are emailing all users to notify them. We apologise for having to send a mass email, but it's very important that all users are made aware of the situation to contain any further repercussions.
-- What To Do
(1) Update passwords on ANY service you use that uses the same password as you had on Tuts+ Premium.
(2) In particular you should consider your own email account, PayPal, Moneybookers, and other payment services. These are the most sensitive targets, and if you had the same password, you should consider this an urgent priority. If you can’t remember what your Tuts+ Premium password was, we encourage you to change passwords on all services you use.
(3) If you use the same password on any other Envato service such as the Envato Marketplaces, you should change your password there too.
-- Where to Go For More Information
We have a post on our Envato Notes blog explaining in detail the situation, what has been compromised, what you should do, and giving answers to questions you may have. Go to the main tutsplus.com domain and follow the link to Envato Notes to read more. Alternatively you can jump straight to the blog post by following this link:
-- When Tuts+ Premium Comes Back Online
We are urgently working towards bringing the service back online and anticipate it should happen within 48 hours. We apologise for the inconvenience of Tuts+ Premium being offline during this time. When the site is back online, your password on the system will have been reset to a randomised string and you will need to update to a new password. Instructions will be posted on the site at the sign in point.
-- We're Extremely Sorry
We are deeply sorry this has happened, and are working hard to address the situation as best we can. We have published a full report on the Notes blog as mentioned above, and will update it further as more information comes to light.
If you have any questions, concerns or account-related requests, please don't hesitate to contact Envato Support: http://support.envato.com
This is a one-off security related email sent to users of Envato Tuts+ Premium (tutsplus.com) who have previously created a username and password in our registration system. You have not been subscribed to an email list.
You will only be on the Tuts+ Premium general email newsletter list if you have opted-in via the account settings on the Tuts+ Premium site.
Our mailing address is:
PO Box 21177
Little Lonsdale Street, Victoria 8011
+61 (0) 3 8376 6284