18 posts
  • Bought between 1 and 9 items
  • Exclusive Author
  • Has been a member for 1-2 years
AndreiSmartik says

On it. I’ll let Justin know right now. Thanks for brining it to our attention.

Thank you, Travis. Hope to get this problem fixed soon. :)

238 posts
  • Bought between 1 and 9 items
  • Exclusive Author
  • Has been a member for 3-4 years
  • Most Wanted Bounty Winner
  • Referred between 10 and 49 users
  • Sold between 10 000 and 50 000 dollars
dmsumon says

I think Envato must implement two step verification like Google’s gmail. Then if someone get to know our passwords even then they can’t access our accounts because they don’t have our mobile phone. I think Envato should consider this after all the accounts are very valuable assets to us it doesn’t only have money but also many premium items some of which may be sold 1000 times.

238 posts
  • Bought between 1 and 9 items
  • Exclusive Author
  • Has been a member for 3-4 years
  • Most Wanted Bounty Winner
  • Referred between 10 and 49 users
  • Sold between 10 000 and 50 000 dollars
dmsumon says

Actually, we need freaking ssl. We still login by sending cleartext passwords over a not encrypted connection, this is not acceptable for a site with a 2 millions userbase where shitload of money is held into users account balance.

+++++ 10000000

2159 posts
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Exclusive Author
  • Has been a member for 5-6 years
  • Sold between 10 000 and 50 000 dollars
  • Grew a moustache for the Envato Movember competition
  • Beta Tester
  • Bought between 50 and 99 items
  • Canada
Nitro_Themes says

I would add a hint after the password when you log in like a secret question. If you do not know it well you cannot get in.

I think SSL would be a real good option.

Cheers

Lester

468 posts
  • Envato Staff
  • Envato Developer
  • Australia
  • Bought between 1 and 9 items
  • Has been a member for 2-3 years
  • Exclusive Author
justinfrench Dev says

Envato need to change this immediately if it is how I am reading this – it’s a useless email if it’s not a confirmation email (confirm to change email – if you don’t, it does not change), very bad practice, especially on a site where people earn money.

Agreed — email changes should be confirmed by the existing email address, and password changes should at least be notified to the current (confirmed) email address. We’ll find a way to correct this very soon.

Update:

Thinking about this some more, it isn’t so simple (is it ever?). There’s a downside to confirming an email address change via the original email address: If you no longer have that email address (you change jobs, or closed the email account, or lose control of the email account to a hacker), then you’re stuck.

This would be the most common scenario for email address changes. The “someone maliciously changed by Envato email address” scenario that happened here is an edge case, so beefing up the security for the edge case would make everything worse in the common case.

Lots to think about, and we are.

66 posts
  • Elite Author
  • Sold between 100 000 and 250 000 dollars
  • Author had a File in a Mini Bundle
  • Author had a File in an Envato Bundle
  • Most Wanted Bounty Winner
  • Exclusive Author
  • Author had a Free File of the Month
  • Envato Studio (Microlancer) Beta Tester
+3 more
smartdatasoft says

I am a author on codecanyon and themeforest also. I know him . The Evanto security must need more strict. The support system take now a days lots of time.

So my suggestion is that there must be a strict rules like google email address change. Like if i want to delete my account a email confirmation will go if i clicked then item will delete.

Same to email address changes. The problem is that if any one hack account and delete all product than it take lots of time to upload product. :(

So please we all author wants some kind of security we need so that if account is hacked we can stop by some link reset the password.

Smart data soft

1 post
  • Bought between 10 and 49 items
  • Has been a member for 1-2 years
shilenko says

Andrei, this is either a poor management practice or a breach in security. Both cannot be tolerated at this reputable resource!

639 posts
  • Exclusive Author
  • Sold between 100 and 1 000 dollars
  • Bought between 10 and 49 items
  • Has been a member for 2-3 years
  • Haiti
Crakken says


Envato need to change this immediately if it is how I am reading this – it’s a useless email if it’s not a confirmation email (confirm to change email – if you don’t, it does not change), very bad practice, especially on a site where people earn money.

Agreed — email changes should be confirmed by the existing email address, and password changes should at least be notified to the current (confirmed) email address. We’ll find a way to correct this very soon.

Update:

Thinking about this some more, it isn’t so simple (is it ever?). There’s a downside to confirming an email address change via the original email address: If you no longer have that email address (you change jobs, or closed the email account, or lose control of the email account to a hacker), then you’re stuck.

This would be the most common scenario for email address changes. The “someone maliciously changed by Envato email address” scenario that happened here is an edge case, so beefing up the security for the edge case would make everything worse in the common case.

Lots to think about, and we are.

Then what you can do is ask some info that only the author may know.. Sadly you never asked personal questions like “What is the country you first kissed” when we were signing up… so maybe ask questions about our items?

725 posts
  • Elite Author
  • United Kingdom
  • Sold between 100 000 and 250 000 dollars
  • Author had a File in an Envato Bundle
  • Most Wanted Bounty Winner
  • Exclusive Author
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Referred between 200 and 499 users
+2 more
josweb says

What awful news Andrei! I have everything crossed for you! xx

18 posts
  • Bought between 1 and 9 items
  • Exclusive Author
  • Has been a member for 1-2 years
AndreiSmartik says

Thank you for support friends. I hope to get soon an email from “envato support”, and restore my account. :)

by
by
by
by
by
by