iStockphoto struck by phishing attack

Filed Under: Phishing, Spam

Users of the huge iStockphoto online photo library are being advised to change their passwords following a phishing attack against the website.

According to a statement on the website, the phishing attack was perpetrated across iStockphoto's online forums and via the site's mail system, directing unsuspecting users to a bogus login page which requested their username and password.

Warning from iStockphoto

The online photo store, that was acquired by Getty Images in 2006 and is beloved by marketing people the world over, went offline earlier today as iStockphoto security team investigated the attack.

From the sound of things, iStockphoto is still working its way through users' site inboxes, removing the offending messages. In the meantime, users are advised to steer clear of opening their site mail and - of course - to change their passwords.

At first I was concerned that iStockphoto weren't doing enough to warn their users about the security threat - after all, it appeared that they had squirrelled the warning away on their support pages rather than on the home page where it would be more prominent.

However, when I logged into the site, I did find more information when I scrolled down to the "Community news" section:

Posting for users who log in to iStockPhoto

You may wonder, why should anyone care that they have lost their iStockphoto credentials? Surely all that can happen is that someone can download images at your account's expense?

Well, the danger is that so many people use the same password for every single website they access. That means, if they have your iStockphoto password then they also have your Amazon password, your eBay password, your PayPal password, your Facebook password, your Twitter password, your Hotmail password...

You get the idea?

It's crazy using the same password for every website you access. If you do that, change your habits. Right now.

, ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.