I really don’t know what to say – I have come here today and learnt that Envato was hacked a few days ago. I really have no words to describe how angry I am at Envato as a whole.
You were a few days ago teaching us about security at how linkedin got hacked (and other services) and it seems like you guys were a sitting duck.
Do you really find it acceptable to be using services you clearly knew were storing password’s in plaintext? Did you really think you were never going to get hacked, where all the other big services around you are getting hacked.
So I would like to have some answers to the following questions:
1: What is the scope of the attack – does this cover all Envato marketplaces or other areas across Envato that have a login system?
2: What damage has been caused – Have the password’s been leaked? How did the attack happen and what data was leaked from your system (anything other than password’s)?
3: Why did you let this happen – I can’t understand why you let this happen? You pride yourself on being the place where you can learn, yet you have kept plain text password’s for all this time?
Lastly, I hope Envato is punished for this. They are giving free tuts+ premium access for 2 months to all affected. It’s no lie that content will end up in places where you don’t want it to be. That’s a punishment Envato will have to accept for failure to employ the basic security practises.
P.S how ironic is this at the support center:
“User Accounts in the Support Center are not linked to your Marketplace user accounts, single sign on coming soon!”
Great, so now if our user accounts get hacked our support tickets will also be hacked along with it – great thinking Envato!
As per AGSoft has pointed out, you can find all your questions answered over on Notes.Here are some links to the posts:
Considering there is nearly a thousand responses to the posts on Notes and this was an incident not involving the marketplaces, I don’t think it is appropriate for this to spill over on to the Forums here, so I am going to lock this thread for now.