HOME | DD
WindySilver — Too Many Compromised Accounts
#compromised #deviantart #issue #meme #compromisedaccounts
Published: 2019-11-08 20:11:38 +0000 UTC; Views: 263; Favourites: 0; Downloads: 0
Redirect to original
Description
I just reported the third compromised account from people who have faved my newest deviation in four days and decided to do this meme because I'm already sick of doing it.For those who don't know what this is about: a compromised account is usually an old account with no deviations whatsoever. Usually they, despite of faving your stuff just a while ago, haven't visited DA for at least weeks (I'm not sure how it works, but as far as I've understood, the current user of the compromised account is using a bot to do that). What they all have in common is that they have a link in their only status update or DeviantID - a link that definitely seems like porn. DO NOT OPEN THE LINK under any circumstances!! Instead, REPORT THEM to DA's support right away (it is rather buried but you'll get there through the Contact link at the bottom of any DA page). If you've had someone fave your art and deactivate their account soon after that, it's been a compromised account that got caught.
I definitely would need a bot to do the reporting for me.
Now, I shall wait for the ironic moment a compromised account faves this...
Made with Meme Generator
Related content
Comments: 8
👍: 0 ⏩: 1
Yeah, they've all probably been those accounts.
👍: 0 ⏩: 0
Find it particularly disturbing how compromised accounts do apparently not need to be activated to get the job done. I don't want to risk starting rumours, but presumably this means it is possible to access and manipulate account information without obtaining passwords and logging in.
Perhaps it is time I change my Mastercard information.
👍: 0 ⏩: 1
That is something that's been bothering me for some time. It always feels offputting that someone hasn't been here for weeks but they've faved stuff in the last 24 hours. I think I should probably change my DA password at least... perhaps my email passwords as well since I haven't changed them in a while either (and those I don't remember anyways so it wouldn't cause too much trouble, unlike my DA password). If I wanted to go full-on paranoid, I'd probably go and change every single password I can find from my enormous list of accounts and also put them all to a password manager like I've meant to do for a long time.
Although, I'd say as long as we active users use long and hard/impossible-to-guess passwords we don't use elsewhere, I'd say we're pretty safe. If not, the issue is deeper in DA than just users' email and/or DA passwords being found out, in which case literally everyone on the site is screwed. And now that we're talking about keeping our accounts safe, it really wouldn't hurt to get two-step authentication as an option on DA even though it feels so bothersome to use especially on mobile.
In any case, I recommend having backups (and backups of the backups) of all art you've posted on DA somewhere else (I have mine on hard drives and some in one or two cloud services as well). That works as a fallback for both account-level and DA-level data losses.
👍: 0 ⏩: 1
I've checked the job offers in the past two years and seen dA hire copywriters and curators, but what would really be needed here is a penetration tester.
👍: 0 ⏩: 1
Yeah, they really need more people on the security side.
👍: 0 ⏩: 1
Hopefully this is a concern taken to heart. I'd rather not see dA fall victim to a "smart cow" problem, which is a risk when the system can be breached without social engineering.
👍: 0 ⏩: 1