3436 posts
  • Has sold $5,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Located in United States
  • Has been part of the Envato Community for over 4 years
+1 more
organicbee says


Envato need to change this immediately if it is how I am reading this – it’s a useless email if it’s not a confirmation email (confirm to change email – if you don’t, it does not change), very bad practice, especially on a site where people earn money.

Agreed — email changes should be confirmed by the existing email address, and password changes should at least be notified to the current (confirmed) email address. We’ll find a way to correct this very soon.

Update:

Thinking about this some more, it isn’t so simple (is it ever?). There’s a downside to confirming an email address change via the original email address: If you no longer have that email address (you change jobs, or closed the email account, or lose control of the email account to a hacker), then you’re stuck.

This would be the most common scenario for email address changes. The “someone maliciously changed by Envato email address” scenario that happened here is an edge case, so beefing up the security for the edge case would make everything worse in the common case.

Lots to think about, and we are.

why not add multiple security credentials(phone numbers, email, pets name etc)

with a company that handles so much of other peoples money you’d think that be in place already

or do login security codes for unknown browsers/ notification if someone logs in from a different browser(similar to how facebook handles it)

149 posts Designer & Developer
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has been part of the Envato Community for over 5 years
  • Has sold $125,000+ on Envato Market
  • Sells items exclusively on Envato Market
+6 more
Webbu says



Envato need to change this immediately if it is how I am reading this – it’s a useless email if it’s not a confirmation email (confirm to change email – if you don’t, it does not change), very bad practice, especially on a site where people earn money.

Agreed — email changes should be confirmed by the existing email address, and password changes should at least be notified to the current (confirmed) email address. We’ll find a way to correct this very soon.

Update:

Thinking about this some more, it isn’t so simple (is it ever?). There’s a downside to confirming an email address change via the original email address: If you no longer have that email address (you change jobs, or closed the email account, or lose control of the email account to a hacker), then you’re stuck.

This would be the most common scenario for email address changes. The “someone maliciously changed by Envato email address” scenario that happened here is an edge case, so beefing up the security for the edge case would make everything worse in the common case.

Lots to think about, and we are.

why not add multiple security credentials(phone numbers, email, pets name etc)

with a company that handles so much of other peoples money you’d think that be in place already

or do login security codes for unknown browsers/ notification if someone logs in from a different browser(similar to how facebook handles it)

+1 And i feel not in secure while loggining. It is easy to someone crack password and delete items and do much more things. I can prefer something for security;

  1. Google’s system is perfect after login second confirmation from mobile phone message. This system is perfect for security.
  2. Password recovery option with mobile phone.
  3. SSL For admin area and login area
  4. Human verification (captcha) on login page.
  5. The last thing if someone trying to enter too much wrong password like 5 time or 10 time envato must be log that ip and block for 24 hour.
  6. And while changing something like email addres need to confirm before change with email.
  7. Even we not have a secret question or something like that :)

We absolutely need these things. This is just my opinion.. :)

149 posts Designer & Developer
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has been part of the Envato Community for over 5 years
  • Has sold $125,000+ on Envato Market
  • Sells items exclusively on Envato Market
+6 more
Webbu says

Security questions are a waste of time because they’re too easily cracked. Facebook makes it far too easy for an attacker to gain the required info. Captcha’s on logins ONLY after several failed attempts. There is no reason to be adding one unless there is genuine doubt that the user isn’t human.

For security question you are right. And captcha +1 too. Urgently Envato need fix these things.

590 posts
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $125,000+ on Envato Market
  • Made it to the Authors' Hall of Fame
  • Sells items exclusively on Envato Market
+5 more
CodeSwift says

@Smartik, did you get your account back?

63 posts
  • Has sold $10,000+ on Envato Market
  • Has been a beta tester for an Envato feature
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
+1 more
PrimeThemes says

@Smartik, did you get your account back?

+1 , I’m also curious

edit : http://themeforest.net/user/Smartik – page not found?

18 posts
  • Has been part of the Envato Community for over 2 years
  • Has collected 1+ items on Envato Market
  • Sells items exclusively on Envato Market
AndreiSmartik says

@Smartik, did you get your account back?

Waiting for response from support.
Two days and nothing. :(
I wrote on Twitter my ticket number, yesterday, but looks like I have to wait more.

edit: “REQUEST STAFF REPLY” – hope this will help a little.

149 posts Designer & Developer
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has been part of the Envato Community for over 5 years
  • Has sold $125,000+ on Envato Market
  • Sells items exclusively on Envato Market
+6 more
Webbu says
+1 And i feel not in secure while loggining. It is easy to someone crack password and delete items and do much more things. I can prefer something for security;
  1. Google’s system is perfect after login second confirmation from mobile phone message. This system is perfect for security.
  2. Password recovery option with mobile phone.
  3. SSL For admin area and login area
  4. Human verification (captcha) on login page.
  5. The last thing if someone trying to enter too much wrong password like 5 time or 10 time envato must be log that ip and block for 24 hour.
  6. And while changing something like email addres need to confirm before change with email.
  7. Even we not have a secret question or something like that :)
We absolutely need these things. This is just my opinion.. :)

Is Envato thinking to change security level of system?

6110 posts
  • Member of the Envato Team
  • Has been part of the Envato Community for over 5 years
  • Located in Canada
  • Joined us in one of our Envato Live Events
+13 more
KingDog Envato team says

Can you give me your ticket number? Thanks!

6110 posts
  • Member of the Envato Team
  • Has been part of the Envato Community for over 5 years
  • Located in Canada
  • Joined us in one of our Envato Live Events
+13 more
KingDog Envato team says


My ticket ID: LJM-913-26340

Thanks! :)

1773 posts Multimedia Artistry
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has been part of the Envato Community for over 3 years
  • Contributed a free file of the month
  • Won a Most Wanted contest
+4 more
dnp_theme says

I think you need your account back, for the 70% percent income if you were an elite, Envato should work hard to get you back to normal.

Yea it’s ok if you only lost a couple of bucks, just get your hard worked account back.

Helpful Information

  • Please read our community guidelines. Self promotion and discussion of piracy is not allowed.
  • Open a support ticket if you would like specific help with your account, deposits or purchases.
  • Item Support by authors is optional and may vary. Please see the Support tab on each item page.

Most of all, enjoy your time here. Thank you for being a valued Envato community member.

Post Reply

Format your entry with some basic HTML. Read the Full Details, or here is a refresher:

<strong></strong> to make things bold
<em></em> to emphasize
<ul><li> or <ol><li> to make lists
<h3> or <h4> to make headings
<pre></pre> for code blocks
<code></code> for a few words of code
<a></a> for links
<img> to paste in an image (it'll need to be hosted somewhere else though)
<blockquote></blockquote> to quote somebody

:grin: :shocked: :cry: Complete List of Smiley Codes

by
by
by
by
by
by