Greysound says

My Dear Fellow Authors, My Friends, Brothers, Sisters,

I have proudly been a part of this great community since June 2009. It is an honor to take place amongst such talented people like all of you, all around the world.

On the other side, I am very happy with my progress in passing years and witnessing how this awesome community grows even bigger and stronger. That is why I feel like I am obliged to warn every single one of you by starting this topic, after the upsetting incident I experienced last night!

Last night, towards morning, my account was hacked and the money that I earned last week was used for purchasing 2 items from Codecanyon.

Luckily, my business associate witnessed the first drop in the amount of total money and informed me about it immediately. We instantly changed the password but it was too late for us to prevent that person from purchasing another item and downloading it.

I contacted Envato Support, explained the situation and thanks to them (especially many thanks to Thinesh P) they shared some information with me. Now I have the IP address of this person and know where he lives. A couple of hours later I will be taking legal action against him.

Long story short,

Obviously some ill disposed person can always reach our accounts by getting our passwords, no matter how hard we protect them. I was lucky enough to notice his actions and instantly interfere before he does worse things with my Audiojungle account.

Please make sure you protect your passwords to keep your business safe! Otherwise, you may end up like me;

-Losing money that you hardly earn,

-Letting someone rob you indirectly (by buying items with your money),

-Having items that you would never buy in your Downloads section,

-And having a buyers’ badge on your profile that you never ever intended to have (I know, it is tragicomical)

Now, here is my suggestion to Envato management & boards to prevent these kinds of situations from taking place again;

There can be an e-mail confirmation system when someone purchases an item (especially if that someone is an author and is using his/her own savings on Envato marketplaces instead of some other payment methods that require actual money to buy an item). Maybe you can let them confirm the transaction after they actually buy it and send a download link to their e-mail addresses for the item they just bought. This way, you can save us from ending up with our accounts getting hacked. I know buyers receive an e-mail that contains a download link after purchasing an item, but you know, it is not my point.

Anyways, thank you for sparing your time to read this topic. I wish you all a safe business… Best regards,

Murat of Greysound

omarabid says

I don’t think the email confirmation thing is good. Just protect your password and you’ll be fine.

JamiGibbs says

That does sound like a scary ordeal for you to have gone through. I’m glad that you noticed it fast enough so that not more damage could have been done and that Envato support was so helpful.

I don’t think there’s anything wrong with the purchasing system in place now though. Protecting your password (and making it a strong password on top of that) is the most important thing.

Joost Moderator says

The important thing with these kind of ‘hacks’ is always: how did the intruder obtain your password? I’m sorry to say that the problem nearly always exists between keyboard and chair – it’s highly unlikely that the system was somehow exploited.

Are you sure there’s no keylogger on your computer? Make sure you run a few scans, or it could just happen right again with your new password. Is your password the same as a password you use on less-secure systems where the staff of those other systems might be able to see into the database and see your password? Has your e-mail account perhaps been cracked as well, and did the intruder simply request your Envato password to be sent there (or even read it in an old inbox message)? Did you fill your password in at any phishing site (site that looks like envato but isn’t envato)?

Glad you could get the IP and home address of this person – that’s quite rare, actually :o Curious to find out how this story progresses!

bitfade says

> The important thing with these kind of ‘hacks’ is always: how did the intruder obtain your password? I’m sorry to say that the problem nearly always exists between keyboard and chair – it’s highly unlikely that the system was somehow exploited.

that’s wrong.

username and password are sent clear text, a sniffer placed on any machine between author and envato server can record those data.

and you can do nothing about it.
Motionreactor says


> > The important thing with these kind of ‘hacks’ is always: how did the intruder obtain your password? I’m sorry to say that the problem nearly always exists between keyboard and chair – it’s highly unlikely that the system was somehow exploited.
>
> that’s wrong.
>
> username and password are sent clear text, a sniffer placed on any machine between author and envato server can record those data.
>
> and you can do nothing about it.

I wonder why we can’t just solve this problem with HTTPS then. At least on the login page and author dashboard.

kimonothemes says



> > > The important thing with these kind of ‘hacks’ is always: how did the intruder obtain your password? I’m sorry to say that the problem nearly always exists between keyboard and chair – it’s highly unlikely that the system was somehow exploited.
> >
> > that’s wrong.
> >
> > username and password are sent clear text, a sniffer placed on any machine between author and envato server can record those data.
> >
> > and you can do nothing about it.
>
> I wonder why we can’t just solve this problem with HTTPS then. At least on the login page and author dashboard.

+1

Reaper-Media says

+1! :-o

An SSL connection would be a great addition to the marketplaces, considering the large amounts of money that reside here :-)

bitfade says

if no ssl, at least challenge/response auth
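
The challenge/response login suggested in the post above, as an added example that is not part of the original thread and not Envato's code: the server issues a one-time nonce and the client answers with an HMAC keyed by a password-derived key, so the password never crosses the wire and a captured answer cannot be replayed. The names `Server`, `derive_key`, `client_response`, the PBKDF2 work factor and the sample account are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def derive_key(password: str, salt: bytes) -> bytes:
    """Both sides derive the same key; only the client ever sees the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Server:
    def __init__(self):
        self.users = {}    # username -> (salt, derived key)
        self.pending = {}  # username -> outstanding one-time nonce

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, derive_key(password, salt))

    def challenge(self, username: str):
        salt, _ = self.users[username]
        nonce = secrets.token_bytes(32)
        self.pending[username] = nonce  # replaces any earlier challenge
        return salt, nonce

    def verify(self, username: str, response: bytes) -> bool:
        nonce = self.pending.pop(username, None)  # each nonce is single use
        if nonce is None or username not in self.users:
            return False
        _, key = self.users[username]
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()


def demo():
    password = "correct horse battery staple"  # constructed sample credential
    server = Server()
    server.register("author", password)
    salt, nonce = server.challenge("author")
    resp = client_response(password, salt, nonce)
    wire = salt + nonce + resp           # everything a passive sniffer records
    ok = server.verify("author", resp)   # legitimate login
    server.challenge("author")           # later login attempt, fresh nonce
    replay = server.verify("author", resp)  # sniffer resends the old answer
    return ok, replay, password.encode() in wire
```

This only addresses passive capture of the login: the stored key is password-equivalent if the database leaks, and anything sent after login over plain HTTP, including the session cookie, is still readable, which is why the HTTPS request in the thread remains the stronger fix.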

Tean says

Yes Envato, SSL please.
