Heartbleed Security Attack on Envato

If you are author or affiliate marketer on Envato Store , there is an important account security update from Envato for you. On the 7th of April 2014 , information was released about a vulnerability, CVE-2014-0160, known as Heartbleed, that affected OpenSSL, a library used for encrypting internet traffic.

If you are member of any of these sites ( themeforest.net , codecanyon.net,  videohive.net,  audiojungle.net , graphicriver.net,  photodune.net,  3docean.net , activeden.net,  studio.envato.com – Envato Studio (formerly Microlancer)) and you have not received any email or notifications from envato regarding heartbleed security attack, then this post is must for you.

AccountSecurity

Heartbleed Security Attack on Envato

Last month Envato posted an article on Envato Notes as well as their forums and email newsletters, explaining Envato’s response to the Heartbleed bug and advising all Envato users change their password.

Envato team members’ have been tracking the number of password updates and have found there are still a large number of users who have not updated their envato password. This communication is an important message for Envato community members who have not changed their password since envato deployed the Heartbleed exploit patch at 06:42am 8th April 2014 UTC.

You will get an email from envato team from  ” do-not-reply@envato.com”  to change you password , If you haven’t changed your password yet, this is what you will see while trying to log in into any of these sites.

envato- security issues- themophiles

[button] How to change my Envato Password [/button-blue]

The user ID and password for all envato sites are same . To reset the password you need to click this link: https://account.envato.com/password_resets/new .

You will see page saying you to write your User ID and email ID like this:

envato- security issues.jpg2

After that click on ” Reset Password”. Now within one hour you will get a password reset instruction on your registered mail from “do-not-reply@envato.com” saying –

“Hello [ Your Name] , To reset your password please follow the link below:” and you will see a long password reset link just below this line . You just need to click this link, then you will be redirected to a page to enter a new, unique, complex hard to be guessed password. Do not use previously used password for security reasons.

envato- security issuesnepass If you are not able too this password reset email from envato. Kindly check your SPAM folder or click on “ALL MAILS” ( if you are using gmail, they have recently started categorising emails in different sections like promotions, sections, social etc, so, you email may have been listed to any of these sections and too see all these sections at once, you should click “All mails” on left menu bar in gmail.).

If you still haven’t received your mail. Kindly submit a security ticket by clicking this link: http://support.envato.com/index.php?/Tickets/Submit .

 

[button] Below is the copy of mail forwarded by Envato informing regarding this security issue [/button-blue]

 

[box]

Hello Envato community member,

Last month we posted an article on Envato Notes as well as our forums and email newsletters, explaining Envato’s response to the Heartbleed bug and advising all Envato users change their password.

Since then we have been tracking the number of password updates and have found there are still a large number of users who have not updated their password. This communication is an important message for Envato community members, including yourself, who have not changed their password since we deployed the Heartbleed exploit patch at 06:42am 8th April 2014 UTC.

What will happen?

The next time you visit either the Envato Marketplaces or Envato Studio, you will be required to set a new password. We strongly advise the following actions:

  • Change your password to a unique, complex password that cannot be easily guessed. Consider using a password generator.
  • Do not use a password that has been used previously on any Envato site or any other external site.
  • Store your password securely. Consider using a password manager like 1Password, Password Genie 4.0, LastPass or Dashlane.

When will this happen?

This change has already been made. If you were currently logged in to an Envato site, you will have been logged out in order to ensure the required password change occurs. We apologize for this inconvenience.

Has my account been compromised?

This response is a precautionary measure. However, if you have had an insecure password that you have been using elsewhere prior to the Heartbleed bug, we advise you review your account for any changes you have not made yourself. Make sure you:

  1. Check your personal details
  2. Check your purchases
  3. If you are a Marketplace Author, check your payment/withdrawal preferences

If you have any concerns about any recent activity on your account please contact Envato Support and provide full details.

Why am I getting this email from Envato?

You are getting this email because you have used one of the following Envato sites:

Please note: this communication is not applicable to the Tuts+ sites.

Where can I get more information?

We have posted an announcement at notes.envato.com/general/your-account-security, in our Marketplace forums, and on support.envato.com. If there are any updates to this issue we will post to those channels. The original Notes post about Heartbleed can be found at notes.envato.com/general/envato-response-to-the-heartbleed-ssl-vulnerability.

I am getting an error message saying that the URL has expired or I have an invalid token. What should I do?

  1. You may have accidentally requested more than one password reset, so there might be another email in your inbox with another link you could try.
  2. Try copying and pasting the link into your browser as some email programs can incorrectly wrap or otherwise break the URL or link we emailed you.
  3. Try signing in. You may have already successfully changed your password. There’s no harm in trying to sign-in.
  4. If you still have no luck please contact us at accountsecurity@envato.com

I have not received my password reset email. What should I do?

  1. We may be sending out a lot of emails so please allow up to an hour for the e-mail to come through.
  2. Have you checked your Spam Folder?
  3. Request another reset of your password from via account.envato.com
  4. If you still have no luck please contact us at accountsecurity@envato.com

Of course, if there are any further questions, please contact the Support team:

  1. Go to support.envato.com and open a support ticket for Account Security OR
  2. Email accountsecurity@envato.com

Our team is standing by to assist!

Thank you for your cooperation.

Kind Regards

Envato Support

[/box]

 

 

Add a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

To protect our users from spam and other malicious activity, this account is temporarily locked. Please log in to https://twitter.com to unlock your account.