Post by Sepiana on Nov 30, 2016 4:24:14 GMT
Hi everyone,
I have just received an e-mail from Victoria Bampton, the Lightroom Queen, with this piece of bad news -- her website was hacked yesterday. It looks like the hacker switched the "Purchase" buttons to point to his PayPal account instead of hers. Please check your e-mail for the details as soon as possible. She has instructions on how to go about double-checking your PayPal account/e-mail confirmation (if you recently purchased her books) and about resetting your password (if you are a book owner/premium member).
She has also confirmed that NO FINANCIAL DETAILS WERE EVER AT RISK. The site was down yesterday but it is up and running now. Once again her site is clean, safe and secure.
Post by deprosq on Nov 30, 2016 5:28:16 GMT
"She has also confirmed that NO FINANCIAL DETAILS WERE EVER AT RISK."
I'm not convinced someone could give a 100% guarantee like that unless they show how they arrived at that conclusion. If a hacker had indeed redirected the PayPal page to their own PayPal account it is very possible they had also done something else to capture login details or credit card numbers of those who chose to pay by credit card at the PayPal page (which is always an option offered by PayPal). I would advise anyone who made purchases during the affected time to be very vigilant scrutinising their PayPal and/or credit card statements for unauthorised transactions in at least the near future and not just blindly accept assurances that no sensitive information was taken without proof.
Post by Sepiana on Nov 30, 2016 5:36:45 GMT
To anyone following this thread.
Victoria Bampton did explain how she and the security experts arrived at the conclusion that her site is once again clean, safe, and secure. Please refer to your e-mail for all the details.
Post by Tpgettys on Nov 30, 2016 5:47:54 GMT
"I'm not convinced someone could give a 100% guarantee like that unless they show how they arrived at that conclusion."
I had the same thought as you. I would be very circumspect about trusting these claims.
"I would advise anyone who made purchases during the affected time to be very vigilant scrutinising their PayPal and/or credit card statements for unauthorised transactions in at least the near future and not just blindly accept assurances that no sensitive information was taken without proof."
Very good advice!
Post by deprosq on Nov 30, 2016 5:54:34 GMT
Well... it's unfortunate that only those who receive an email will be in a position to judge for themselves, based on the information in the email, if the site is really safe or not. For the many people in my position who have now been made aware that there was a significant security breach, there might always be some doubt if the site is really safe or not because we won't be given the information contained in the email. It's a pity, because had I not been made aware of the security breach, via your earlier post, there is a good chance I would have made at least one purchase from the site in the future. Now, given the uncertainty in the security of the site because I won't be given an opportunity to see the contents of the email, I will definitely not be purchasing anything from that site. Perhaps most people in my position would have been better off if you had not made us aware of the security breach. Basically, given the lack of information, common sense says if it happened once, it could happen again (at least in my experience). I wish I hadn't read your post in the first place.
Post by Sepiana on Nov 30, 2016 5:56:31 GMT
"I had the same thought as you. I would be very circumspect about trusting these claims."
I am not telling anyone to trust Victoria Bampton's claims. One needs to read the e-mail to get all the details involving this situation and what she and the security experts have to say about it. You can contact her with any concerns you may have. My statement -- "Once again her site is clean, safe and secure" -- was a paraphrase of what she said in her e-mail.
Post by lightroomqueen on Nov 30, 2016 8:41:23 GMT
Hi guys
This thread popped up on my feed, so I just wanted to answer any questions anyone has, at least as far as I can.
Anyone can get hacked, but I've been as proactive and open about it as is humanly possible. I could have quietly fixed it and moved on, like most big companies, but I value your trust too much to do that.
Regarding financial details, the quote above is missing the rest of the sentence, so to clarify: I use hosted secure servers for payments through my website (run by PayPal and eJunkie), so no financial details are stored on or even pass through my own website servers. Therefore the hacker won't have found any financial records on my web server, from past or present orders.
What I can tell you about what happened: The hacker got into my website and changed the links on two of the purchase buttons, directing them from my eJunkie hosted shopping cart to his own PayPal payment page.
As soon as I discovered something odd was going on, I took the website down until I could identify the problem and fix it.
While investigating, I followed the hacker's link right through to completion. Payment was only by PayPal account (hosted on PayPal's servers), so there was nowhere to skim any credit card numbers (although an understandable concern).
I identified 10 buyers, who looked like they may have been affected, and emailed them all personally to check and to help them report the fraudulent transactions to PayPal.
Having changed all of the passwords that could potentially cause any trouble, I handed the website over to a website security company, for them to go through it with a fine-tooth comb. They discovered a couple of backdoors introduced by well-known plug-ins and cleaned them.
Once the security company confirmed the site was clean, I changed the passwords again, and cleared all caches, before pushing the site live.
I then emailed my entire mailing list (at 3am) to explain what had happened and how to check they weren't affected. I also recommended that members change their passwords, just as a precaution. I've personally replied to hundreds of emails, double checking details, and so far no additional people have been found to be affected, so I'm hopeful that I caught it early enough.
Moving forward - I've retained the services of the security company for round-the-clock monitoring, to make sure I catch any potential exploits at the earliest stage possible, and I continue to leave all financial transactions to the experts.
I hope that helps to clarify, and if there's anything else I can help with, please just ask.
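The link swap described in the post above, turned into a check a site owner could run on a schedule against the live page. This is an added example, not part of the original thread and not the security company's tooling; the hosts `cart.example` and `pay.example`, the `buy-button` class and the `seller` query parameter are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the thread): purchase buttons carry class "buy-button",
# the hosted cart lives on cart.example, and legitimate links name seller 12345.
EXPECTED_HOST = "cart.example"
EXPECTED_SELLER = "12345"
BAD_SCHEME = "purchase link is not https"
BAD_HOST = "purchase link leaves the expected hosted cart"
BAD_SELLER = "purchase link pays a different seller"


class PurchaseLinkCollector(HTMLParser):
    """Collect the target URL of every link or form marked as a purchase button."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if "buy-button" not in (attrs.get("class") or "").split():
            return
        url = attrs.get("href") if tag == "a" else attrs.get("action")
        if tag in ("a", "form") and url:
            self.targets.append(url)


def audit_purchase_links(html):
    """Return (url, reason) for each purchase button that no longer points at the cart."""
    collector = PurchaseLinkCollector()
    collector.feed(html)
    findings = []
    for url in collector.targets:
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((url, BAD_SCHEME))
        elif (parts.hostname or "").lower() != EXPECTED_HOST:
            findings.append((url, BAD_HOST))
        elif parse_qs(parts.query).get("seller") != [EXPECTED_SELLER]:
            findings.append((url, BAD_SELLER))
    return findings


# Constructed sample page: one intact button, one swapped to another payment
# page, one still on the cart host but crediting a different seller.
SAMPLE_PAGE = """
<a class="buy-button" href="https://cart.example/add?item=1&amp;seller=12345">Purchase</a>
<a class="buy-button" href="https://pay.example/checkout?to=someone-else">Purchase</a>
<a class="btn buy-button" href="https://cart.example/add?item=2&amp;seller=99999">Purchase</a>
<a href="https://forum.example/thread/1">Forum</a>
"""

if __name__ == "__main__":
    for url, reason in audit_purchase_links(SAMPLE_PAGE):
        print(f"ALERT: {reason}: {url}")
```

Checking the seller identifier as well as the host matters because a link can stay on the legitimate cart or payment provider and still credit someone else's account.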
Post by blackmutt on Dec 2, 2016 1:11:09 GMT
Unfortunately in this day of internet transactions there is no way to be completely safe. Just ask the big companies that have been hacked. We all take that risk when we put any information out there. It doesn't even have to be on the internet - just fill out any paperwork or talk to someone over the phone, where do you think that information ends up?? Our information is out there, accept it. Sepiana was kind enough to pass along information she received. I got the same email she did, though I have not ever made a purchase so I was not concerned. If you are that worried about security, deprosq, you better close your bank accounts and destroy your credit cards and go cash only. Hacking is a fact of life these days. It's too bad the hackers can't use their skills for good.