Thecodingdude says

In response to: http://codecanyon.net/forums/thread/censorship/68217

So, if any of you caught it, I made a thread called “Secure? Yeah…Right” which basically was a document containing a few things I had found that contributed to the recent attacks on Envato. I felt like I had to expose a multi-million-dollar company not to say “I did it”, but because I felt it’s important everybody is aware why and how your accounts got hacked – it’s important to know the details behind it.

I do understand that I could have handled this better, but I am not an Envato employee, I am just somebody who tries to contribute here and there.

Sorry to anybody involved if you found my post somewhat crosses the boundaries of what is and isn’t tolerated. I would appreciate it if this thread can be left open for a bit of discussion – I love reading what other forum members have to say. Locking threads down (such as the “Censorship” thread) irritates me a lot (which is why I have created this thread now).

I hope Envato starts to appreciate what the community does for you. I could have posted this outside Envato’s scope and potentially it could have been used to fuel more attacks – I (sort of) did the right thing here.

Most of what I reported has since (thankfully) been fixed. Yes, I have copies of my message but I won’t be posting them here again (since the issues have now been patched up, I can’t see the harm in making it public now). I feel my duty here has been done. I will not be reporting any more security bugs that are found. Envato should learn from this and employ a security advisor whose job it is to hack the Envato websites to try and find bugs. This isn’t my job.

Thank you!

doru says

I think you did a good thing finding that issue, no need to apologise in my opinion. Yes, maybe it would have been better to contact Envato staff and show them the problem privately.

They should give you a sheriff badge! :)

KingDog Envato team says

Don’t get me wrong, we very much value our community and all the hard work you do to make this place awesome. I’m sorry if it came across like we were trying to assert heavy-handed censorship. It’s just that posting potential exploits in a public forum only encourages bad behavior. Our Support team is here to make sure the right people are informed (and they have been). Thanks!

wickedpixel says

Some time ago I also discovered a method in taking money from other user accounts by simply making awesome files.

plusquare says

Mate, if you find a security problem for Envato don’t post it on the forum where a large number of people will look at and potentially use. I’m sure Envato is thankful for your warning but you should have just turned to their support center, something to contact them directly as doru said.

Crakken says

> Some time ago I also discovered a method in taking money from other user accounts by simply making awesome files.

hahahahha :D ROTFL !

Thecodingdude says

> Mate, if you find a security problem for Envato don’t post it on the forum where a large number of people will look at and potentially use. I’m sure Envato is thankful for your warning but you should have just turned to their support center, something to contact them directly as doru said.

In all fairness, that is nowhere near as fun. And posting publicly got the issue sorted far faster (they could not have afforded not to fix this right away).

Also “Google Will Pay $1 Million for Chrome Hacks”: http://www.pcmag.com/article2/0,2817,2400878,00.asp

Hacks are worth millions to some companies. I’m not sure why Envato doesn’t roll a similar program.

KingDog Envato team says

> We’re just trying to figure out why a theme we purchased is no longer up on the site and we cannot get ahold of the author. We purchased the theme, used it for a presentation to the stockholders and now we are unable to download the theme that we rightfully purchased. Contacted support, but they have not been helpful. Is this part of the security breach? Are items being taken down by hackers or something?

Themes can be removed for many reasons including a request from the author and if it no longer meets quality standards. The security problem was only on Tuts+ not the Marketplaces at all. Thanks!

mrcharlesbrown says

It is actually not good to be talking about hackers in the forum because it can only bring the wrong impression to this community and Envato marketplaces as a whole.

Thanks Thecodingdude for your effort but it is best not to talk about hackers. It can only drive more bad people here to make an attempt.

Best regards.

Charles Brown

CodingJack says

> Some time ago I also discovered a method in taking money from other user accounts by simply making awesome files.

:D

Personally I don’t get all the fuss. Do people really use the same passwords for everything, especially people in this industry who should know better? Not sure if anyone’s marketplace credit got stolen, but if that were the case I’m sure Envato would replace it. The fact that all payments are made offsite and are therefore protected by default is the only thing that matters to me.
