Your account's security is of vital importance to deviantART and we're committed to providing our members resources and advice on how to stay safe and secure online. Earlier today, an individual or group of individuals redirected some deviantART members to a false deviantART login screen by exploiting a cross-site scripting (XSS) vulnerability in deviantART's Journal system. This tactic, commonly known as phishing, allowed the individuals to gain access to some accounts.
Phishing is a serious matter on the Web. You've probably heard of phishing attempts through emails, the classic example being a fake email from a bank or other trusted authority, asking you to enter your personal information.
Incident details
The individuals discovered and exploited a cross-site scripting vulnerability in Journals that gave them the ability to redirect deviants to a different website designed to mimic a deviantART login screen. Some deviants who did not realize that they were being taken off-site entered their username and password on the fake page, which logged that information for the individuals.
As soon as the malicious activity was discovered, deviantART staff members immediately began response procedures, including patching the scripting vulnerability and taking steps to secure and contain all accounts that were compromised.
It is important to note that we have no indication that any real harm was done, other than the posting of juvenile comments. We will work vigilantly to find the wrongdoers and, as necessary, involve law enforcement.
What to do if your account was compromised
If you were one of the handful of deviants who entered your account information into the fake deviantART login screen, or otherwise believe your account to be compromised, please note the following:
If you have access to your account:
- First, change your password in your Settings.
- Second, verify that the email associated with your account is active (one that you still use).
- Third, check your Sessions page and logout any sessions that you do not recognize.
- Please note that your account may have been locked as a security precaution. In this case, contact our Help Desk for assistance. Be sure to use the email associated with your deviantART account when contacting our staff.
Preventing phishing
One of the most important ways to prevent phishing of your deviantART account information is to check that the page in your address bar is actually on deviantart.com: the host name of the address, not just some part of the URL, must be deviantart.com.
Our login pages will always be located at deviantart.com/users/login or sta.sh/login. They will also be served over HTTPS, as indicated by https:// at the start of the address.
If you find yourself unexpectedly logged out after clicking an offsite link, immediately check the URL to see if anything extra has been added to the host name -- this would indicate that you are in fact on a third-party website masquerading as deviantART. For example, if the URL reads something like deviantart.[something].com/users/login, or deviantart.com.[something].com/users/login, then you are no longer on deviantART and you should not attempt to login.
If ever in doubt, manually browse to deviantart.com before providing your account information.
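The address-bar check above, written out as code so the lookalike shapes are explicit. This is an added example and is not deviantART's own code; it assumes the genuine login locations stated in this post (deviantart.com/users/login and sta.sh/login over HTTPS), and it additionally accepts a "www." prefix on the host as an assumption. The sample URLs at the bottom are constructed for illustration.

```javascript
// Added example (not deviantART's own code): decide whether a URL is one of
// the genuine deviantART login pages named in the advisory. The host name of
// the address (not merely some substring of the URL) must be deviantart.com
// or sta.sh, the scheme must be https, and the path must be the login path.
// Anything else is treated as off-site.

// Genuine login locations, as stated in the advisory.
const LOGIN_PAGES = [
  { host: "deviantart.com", path: "/users/login" },
  { host: "sta.sh", path: "/login" },
];

// True if `host` is exactly `domain`, or (assumption) "www." + domain.
// Deliberately NOT "contains" or "starts with": "deviantart.com.example.com"
// and "deviantart.example.com" both fail here.
function hostMatches(host, domain) {
  return host === domain || host === "www." + domain;
}

// Classify a URL string. Returns {genuine, reason} so a caller can show
// *why* an address was rejected, which is what a user reading the address
// bar needs to learn to spot.
function classifyLoginUrl(input) {
  let url;
  try {
    url = new URL(input);
  } catch (e) {
    return { genuine: false, reason: "not a parseable absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { genuine: false, reason: "scheme is " + url.protocol + " rather than https:" };
  }
  // url.hostname is the parsed host alone: lower-cased, with port and any
  // "user@" prefix removed, so "https://deviantart.com@example.com/" yields
  // hostname "example.com" and is rejected below.
  const host = url.hostname;
  for (const page of LOGIN_PAGES) {
    if (hostMatches(host, page.host)) {
      if (url.pathname === page.path) {
        return { genuine: true, reason: "host " + host + " and path " + page.path + " match a known login page" };
      }
      return { genuine: false, reason: "host " + host + " is genuine but " + url.pathname + " is not a login page" };
    }
  }
  return { genuine: false, reason: "host " + host + " is not deviantart.com or sta.sh" };
}

function isGenuineLoginUrl(input) {
  return classifyLoginUrl(input).genuine;
}

// Constructed sample addresses, including the lookalike shapes the advisory warns about.
const SAMPLES = [
  "https://deviantart.com/users/login",
  "https://www.deviantart.com/users/login",
  "https://sta.sh/login",
  "http://deviantart.com/users/login",               // right host, but not https
  "https://deviantart.example.com/users/login",      // deviantart.[something].com
  "https://deviantart.com.example.com/users/login",  // real domain used as a prefix
  "https://example.com/deviantart.com/users/login",  // real domain only in the path
  "https://deviantart.com@example.com/users/login",  // real domain as userinfo
  "https://deviantart.com/journal/",                 // genuine host, not a login page
];

for (const s of SAMPLES) {
  const r = classifyLoginUrl(s);
  console.log((r.genuine ? "GENUINE  " : "OFF-SITE ") + s + "  (" + r.reason + ")");
}
```

The important design choice is that the check runs on the parsed host name rather than on the raw address string: a substring test for "deviantart.com" would pass every one of the off-site samples above, because the attacker controls everything in the URL except the real host.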
For more information on phishing, see Stay Safe Online: Phishing from Google.