Shop More Submit  Join Login
×

:iconhaldron: More from haldron


Featured in Collections

Editorials - Favs by Bnspyrd

Other journals by KalosysArt

DeviantART by MorriganArt


More from deviantART



Details

Submitted on
November 25, 2012
Submitted with
Sta.sh Writer
Link
Thumb

Stats

Views
29,882 (11 today)
Favourites
408 (who?)
Comments
436
×

Be vigilant of phishing scams

Sun Nov 25, 2012, 11:09 PM


Your account's security is of vital importance to deviantART and we're committed to providing our members resources and advice on how to stay safe and secure online.  Earlier today, an individual or group of individuals redirected some deviantART members to a false deviantART login screen by exploiting a cross-site-scripting vulnerability in deviantART's Journal system.  This tactic, commonly known as phishing, allowed the individuals to gain access to some accounts. 

Phishing is a serious matter on the Web. You've probably heard of phishing attempts through emails, the classic example being a fake email from a bank or other trusted authority, asking you to enter your personal information.

Incident details

The individuals discovered and exploited a cross-site-scripting vulnerability in Journals that provided them the ability to redirect deviants to a different website, designed to mimic a deviantART login screen.  Some deviants who did not realize that they were being taken offsite for a phishing attempt, entered their username and password information which was then logged by the individuals. 

As soon as the malicious activity was discovered, deviantART staff members immediately began response procedures, including patching the scripting vulnerability and taking steps to secure and contain all accounts that were compromised. 

It is important to note that we have no indication that any real harm was done, other than the posting of juvenile comments.  We will work vigilantly to find the wrongdoers and, as necessary, involve law enforcement.

What to do if your account was compromised
 

If you were one of the handful of deviants who entered your account information into the fake deviantART login screen, or otherwise believe your account to be compromised, please note the following: 

If you have access to your account: 
  • First, change your password in your Settings.
  • Second, verify that the email associated with your account is active (one that you still use).
  • Third, check your Sessions page and logout any sessions that you do not recognize.
If you do not have access to your account:
  • Please note that your account may have been locked as a security precaution. In this case, contact our Help Desk for assistance. Be sure to use the email associated with your deviantART account when contacting our staff.

Preventing phishing
 

One of the most important ways to prevent phishing of your deviantART account information is to always ensure that the URL in your address bar always says deviantart.com.

Our login pages will always be located at deviantart.com/users/login or sta.sh/login. They will also be on a secure server as indicated by https:// before the address. 

If you find yourself unexpectedly logged out after clicking an offsite link, immediately check the URL to see if anything extra has been added -- this would indicate that you are in fact on a third-party website masquerading as deviantART.  For example, if the URL reads something like deviantart.[something].com/users/login then you are no longer on deviantART and you should not attempt to login.

If ever in doubt, manually browse to deviantart.com before providing your account information. 

For more information on phishing, check out see Stay Safe Online: Phishing from Google. 



Your account's security is of vital importance to deviantART and we're committed to providing our members resources and advice on how to stay safe and secure online. This article details a recent incident, our response, and provides advice on ensuring account safety in the future.
Add a Comment:
 
Flagged as Spam
Flagged as Spam
:iconryugassj3:
RyugaSSJ3 Featured By Owner Apr 10, 2013  Student Traditional Artist
Faving this & I don't care. These scums have gotta go!!
Reply
:iconpervyjjthplz:
PervyJJTHplz Featured By Owner Mar 31, 2013
hello
i'm XXJJthedragohogXX

i sended DA allot messenges about this
but it doesn't seem effective and whatever happens
they dont give me the chance to get a recovery
can you help me please?
Reply
:iconidjpanda:
iDJPanda Featured By Owner Dec 18, 2012  Student General Artist
I highly doubt that this will be the last time this happens... It's happened like a month ago and they are back again..
Reply
:iconkamipanda:
kamipanda Featured By Owner Dec 13, 2012  Hobbyist Digital Artist
Hi there.

My account gets hacked like, 3 weeks ago.. I can't log in anymore and I've send the e-mails already but up until now, I got no response. I understand that you guys are pretty busy, but please, at least give us an announcement about what's going on here. I really have no idea right now. I'd really missed my friend on my account back there and have a lots of stuff to submit.

I'm really looking forward to get my account back, man.
Reply
:iconloco-the-pervert:
Loco-The-Pervert Featured By Owner Dec 10, 2012  Hobbyist Digital Artist
Okay so that what happened! ^^; so ignore my journals about them being hacked
Reply
:iconk4nk4n:
K4nK4n Featured By Owner Dec 6, 2012
Was gary-niger :icongary-niger: the one responsible for the recent hackings in November? What about Neomoti :iconneomoti: , is she innocent?
Reply
:iconstorm-de-up:
Storm-DE-UP Featured By Owner Dec 6, 2012
Neomoti is indeed innocent, she was one of the hacked.
Reply
:iconk4nk4n:
K4nK4n Featured By Owner Dec 7, 2012
Thank you for answering.
Reply
Add a Comment: