18 posts
  • 4 Years of Membership
  • Collector Level 1
  • Exclusive Author
AndreiSmartik
says

On it. I’ll let Justin know right now. Thanks for bringing it to our attention.

Thank you, Travis. Hope to get this problem fixed soon. :)

248 posts
  • 5 Years of Membership
  • Affiliate Level 2
  • Author Level 5
  • Collector Level 1
+2 more
dmsumon
says

I think Envato must implement two-step verification like Google’s Gmail. Then if someone gets to know our passwords, even then they can’t access our accounts because they don’t have our mobile phone. I think Envato should consider this; after all, the accounts are very valuable assets to us. An account doesn’t only have money but also many premium items, some of which may be sold 1000 times.

248 posts
  • 5 Years of Membership
  • Affiliate Level 2
  • Author Level 5
  • Collector Level 1
+2 more
dmsumon
says

Actually, we need freaking SSL. We still log in by sending cleartext passwords over an unencrypted connection; this is not acceptable for a site with a 2 million userbase where a shitload of money is held in users’ account balances.

+++++ 10000000

2324 posts
  • Trendsetter
  • Author Level 6
  • Collector Level 3
  • Affiliate Level 1
+8 more
Nitro_Themes
says

I would add a hint after the password when you log in, like a secret question. If you do not know it, well, you cannot get in.

I think SSL would be a real good option.

Cheers

Lester

536 posts
  • Collector Level 1
  • Envato Team
  • Australia
  • 4 Years of Membership
+1 more
justinfrench
Envato team
says

Envato need to change this immediately if it is how I am reading this – it’s a useless email if it’s not a confirmation email (confirm to change email – if you don’t, it does not change), very bad practice, especially on a site where people earn money.

Agreed — email changes should be confirmed by the existing email address, and password changes should at least be notified to the current (confirmed) email address. We’ll find a way to correct this very soon.

Update:

Thinking about this some more, it isn’t so simple (is it ever?). There’s a downside to confirming an email address change via the original email address: If you no longer have that email address (you change jobs, or close the email account, or lose control of the email account to a hacker), then you’re stuck.

This would be the most common scenario for email address changes. The “someone maliciously changed my Envato email address” scenario that happened here is an edge case, so beefing up the security for the edge case would make everything worse in the common case.

Lots to think about, and we are.

85 posts
  • Copyright Ninja
  • Trendsetter
  • Weekly Top Seller
  • Elite Author
+11 more
smartdatasoft
says

I am an author on CodeCanyon and ThemeForest also. I know him. The Envato security needs to be more strict. The support system takes lots of time nowadays.

So my suggestion is that there must be strict rules like Google’s email address change. For example, if I want to delete my account, a confirmation email will be sent, and if I click it then the item will be deleted.

Same for email address changes. The problem is that if anyone hacks an account and deletes all products, then it takes lots of time to upload the products. :(

So please, all of us authors want some kind of security, so that if an account is hacked we can stop it with some link and reset the password.

Smart data soft

1 post
  • 3 Years of Membership
  • Collector Level 2
  • United States
shilenko
says

Andrei, this is either a poor management practice or a breach in security. Both cannot be tolerated at this reputable resource!

639 posts
  • Author Level 2
  • Collector Level 2
  • Exclusive Author
  • 4 Years of Membership
+1 more
Crakken
says


Envato need to change this immediately if it is how I am reading this – it’s a useless email if it’s not a confirmation email (confirm to change email – if you don’t, it does not change), very bad practice, especially on a site where people earn money.

Agreed — email changes should be confirmed by the existing email address, and password changes should at least be notified to the current (confirmed) email address. We’ll find a way to correct this very soon.

Update:

Thinking about this some more, it isn’t so simple (is it ever?). There’s a downside to confirming an email address change via the original email address: If you no longer have that email address (you change jobs, or close the email account, or lose control of the email account to a hacker), then you’re stuck.

This would be the most common scenario for email address changes. The “someone maliciously changed my Envato email address” scenario that happened here is an edge case, so beefing up the security for the edge case would make everything worse in the common case.

Lots to think about, and we are.

Then what you can do is ask for some info that only the author may know. Sadly you never asked personal questions like “What is the country you first kissed” when we were signing up… so maybe ask questions about our items?

745 posts
  • Top Monthly Author
  • Weekly Top Seller
  • Elite Author
  • Author Level 8
+9 more
josweb
says

What awful news Andrei! I have everything crossed for you! xx

18 posts
  • 4 Years of Membership
  • Collector Level 1
  • Exclusive Author
AndreiSmartik
says

Thank you for the support, friends. I hope to soon get an email from “envato support” and restore my account. :)
