Stock photography website iStockphoto has been targeted by
password thieves.
According to a statement on the iStockphoto website, the
phishing attack was perpetrated across the site's online forums and
mail system. It directed unsuspecting users to a bogus login page
which requested their username and password.
The password thefts mean iStockphoto users may have accounts on
other sites compromised, as the thieves may try and use those same
login details on those other accounts.
The online photo store, which was acquired by Getty Images in
2006, went offline earlier in the week as the iStockphoto security
team investigated the attack.
Users are being advised to steer clear of opening their site
mail and to change their passwords.
"A third of us
use
the same password to access all our accounts. Whilst it
probably makes it easier for the user to remember, it also means
that if a hacker cracks one password, they can access all your
online data," said Carole Theriault, senior security consultant at
Sophos.
"As we hear of more and more online communities being targeted
by data theft - Facebook and Spotify have both been recent targets
- users are reminded that bad password habits are putting them at
the mercy of wider threats."