Hi,

I have had a problem accessing the EPS iStock site for over a year now, while everything was OK with qHero. I contacted the support three times, so that I simply cannot access my account even after resetting the password. After their answers and long waits, usually after a few reset the password would work, and I would be able to access.

However, since iStock has fallen to very low branches and my payouts have shifted to 3-4 months instead of every month, I haven�t noticed that my payments haven�t arrived with iStock for a while now.

A few days ago, I decided to see again what this is about and what is happening with iStock. Again an access problem, again a few restarts of my password and finally I manage to access and I see that in the meantime I had 3 payouts of about $ 550 in total, however I didn't get any. I check the PayPal registered account and see that it has been replaced with [email protected].

I returned my PayPal address and I received a change notification in the mail: Your Getty Images contributor account has been updated. That has never occurred to me before. How is it possible that someone changed my payment details without receiving notification!? (PayPal mail is not the same as profile mail). What is interesting in the notification mail that arrived are my 2 addresses. Account mail, PayPal mail, and PayPal mail [email protected] )

I contacted support of course. They immediately asked me if I could access and if they could they would forward me to the payment department. I've been waiting for about ten days for someone to contact me. Of course, I doubt that someone will return the stolen money to me and that they will make sure that at least that account is blocked, etc.

I am convinced that the mistake was not up to me, but that their system was hacked. I have been working for 14 years in an IT company that makes websites and applications, I know very well what security is and this is the first time this has happened to me. I have 2 autotentification factors at my home e-mail address (password and code on the phone number) and it is impossible that someone reset my passwords with my e-mail address and accessed the EPS account.

I'm thinking of leaving iStock, it just made me very nervous that the money I got from them didn't pay off. Of the 11 agency sites where I upload, only Pond 5 and Vecteezy are worse.

Where do you see what Paypal address iStock has on file?  I can't seem to find it in their ESP dashboard.

The way things like that usually work:

- A site where you have an account was breached (123RF and 500px for instance were breached in the past), and your personal information like name, username, address, password and whatsoever fell into the hands of those who know what to do with it and how to use it.
- They found out you have an ESP account, and used that data they have on you to log in, and change the account details.
   If they do that just before payouts are being made, there's very little time for you to react, or even notice the account change notification mail (you might not even notice it at all as the notification mail might as well end up in your trash folder)

Not saying this is what happened, but I honestly see few other options, as a complete breach of ESP, involving many more accounts being compromised would not go unnoticed.
There would be complaints all over the place.

There's very little you can do against those breaches, they happen all the time. So be careful, manage your accounts properly and take precautions. 
Enable 2FA wherever possible, and use unique passwords per account you have on any site.
Use sites like haveibeenpwnd to check which breaches you are involved in and change passwords if you were breached!
Use different email addresses on different accounts.

No doubt you already know all of that, and good to hear you use 2FA where possible. But still might be useful to others.
The carelessness of how people manage their accounts, and how they are eager to provide as much as possible personal information to a broad variety of sites truly baffles me. 
Combining different data breaches allows hackers to collect a ton of information on you!

All of that are factors that dramatically limit the risk of being compromised but not zero it.
I saw people who are very aware of their online presence, and who are very familiar with online security measures and techniques being used to hack an account still being tricked into a socially engineered account hack.

Quote from: Roscoe on May 19, 2022, 14:04

The way things like that usually work:

- A site where you have an account was breached (123RF and 500px for instance were breached in the past), and your personal information like name, username, address, password and whatsoever fell into the hands of those who know what to do with it and how to use it. ...

Yes, but the question is how, if I reset the password and log in to my account, that account becomes inaccessible to me again, with a different password? And so 4 times in the last year? If I reset the password via my home email, then how did he get his account back every time?

Malware or spyware in your computer transmitting your keystrokes.. maybe?

Quote from: vlado85 on May 19, 2022, 14:55

Quote from: Roscoe on May 19, 2022, 14:04

The way things like that usually work:

- A site where you have an account was breached (123RF and 500px for instance were breached in the past), and your personal information like name, username, address, password and whatsoever fell into the hands of those who know what to do with it and how to use it. ...

Yes, but the question is how, if I reset the password and log in to my account, that account becomes inaccessible to me again, with a different password? And so 4 times in the last year? If I reset the password via my home email, then how did he get his account back every time?

Malware or spyware in your computer transmitting your keystrokes.. maybe?

I have Malwarebytes who scans regularly. Now I just scanned the system and found only NiceHash miners. I also use Avast antivirus.

IS could help if they wanted.   Assume hacker is involved;   his IP address would be different from your home IP address & can be traced to geographic location.  Ask them for dump of all account modifications on record. That way at least you could confirm you have been hacked & where it is coming from.   

Quote from: Uncle Pete on May 21, 2022, 09:06

You didn't say, does someone have access to your email, did you change that password too? Otherwise someone would always get your new account code, every time you change it. Does someone have access to your computer? Do you use open Internet anywhere?

Good luck. Seems odd that you change your PW on IS and then someone else has access and changes your data. They would need to be able to read your confirmations of changed PW.

Well I said I have 2 mail accounts. One is on Yahoo and it has 2 levels of password protection and SMS code, while the other Gmail account is tied to PayPal and it has 2 levels of password protection and Google Authentication. When you reset your password, you receive notification on e-mails, also, when you change your PayPal payment order, you receive a notification in e-mails.

I did not receive a notification to my e-mail address when another person changed my payment method. Also, when I reset my password and after a few times I manage to access my account I have all these notifications. Shortly afterwards, someone took over my account again without any notifications. If his account is not linked to an account, but to a PayPal payment, how did he manage to reset the password and recover his? If the spyware read my password from the keyboard, then he accessed the account and had to change the password again. Then I would have to receive a notification anyway ...

After all, if someone hacked my account and mail, why would they choose to steal iStock and not other accounts?

Very odd and I hope you resolve this and get your account back. Oh and all your earned money as well.

You need the system where the website sends you a code via text to your mobile and you login with that & your password on your laptop etc. paypal do it and a lot of big sites now do it.

That's pretty much standard today, isn't it. But it's way too much to ask from IS. Just look at entire dinosaur ESP interface