629 posts
  • Bought between 10 and 49 items
  • Exclusive Author
  • Has been a member for 4-5 years
  • Sold between 100 and 1 000 dollars
Thecodingdude says

In response to: http://codecanyon.net/forums/thread/censorship/68217

So, if any of you caught it, I made a thread called “Secure? Yeah…Right” which basically was a document containing a few things I had found that contributed to the recent attacks on Envato. I felt like I had to expose a multi-million-dollar company not to say “I did it”, but because I felt it’s important everybody is aware why and how your accounts got hacked – it’s important to know the details behind it.

I do understand that I could have handled this better, but I am not an Envato employee, I am just somebody who tries to contribute here and there.

Sorry for anybody involved if you found my post somewhat crosses the boundaries of what is and isn’t tolerated. I would appreciate it if this thread can be left open for a bit of discussion – I love reading what other forum members have to say. Locking threads down (such as the “Censorship” thread) irritates me a lot (which is why I have created this thread now).

I hope Envato starts to appreciate what the community does for you. I could have posted this outside Envato’s scope and potentially it could have been used to fuel more attacks – I (sort of) did the right thing here.

Most of what I reported has since (thankfully) been fixed. Yes I have copies of my message but I won’t be posting them here again (since the issues have now been patched up, I can’t see the harm in making it public now). I feel my duty here has been done. I will not be reporting any more security bugs that are found. Envato should learn from this and employ a security advisor whose job it is to hack the Envato websites to try and find bugs. This isn’t my job.

Thank you!

6764 posts
  • Italy
  • Sold between 10 000 and 50 000 dollars
  • Has been a member for 4-5 years
  • Microlancer Beta Tester
  • Beta Tester
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Exclusive Author
  • Author had a Free File of the Month
  • Bought between 10 and 49 items
doru says

I think you did a good thing finding that issue, no need to apologize in my opinion, yes maybe it would have been better contacting Envato staff and showing them the problem privately.

They should give you a sheriff badge! :)

4594 posts
  • Envato Staff
  • Has been a member for 4-5 years
  • Attended a Community Meetup
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Bought between 50 and 99 items
  • Canada
  • Community Ambassador
  • Beta Tester
  • Contributed a Tutorial to a Tuts+ Site
KingDog Staff says

Don’t get me wrong, we very much value our community and all the hard work you do to make this place awesome. I’m sorry if it came across like we were trying to assert heavy-handed censorship. It’s just that posting potential exploits in a public forum only encourages bad behavior. Our Support team is here to make sure the right people are informed (and they have been). Thanks!

3058 posts
  • Community Superstar
  • Has been a member for 6-7 years
  • Won a Competition
  • Sold between 50 000 and 100 000 dollars
  • Bought between 10 and 49 items
  • Referred between 50 and 99 users
  • Exclusive Author
wickedpixel says

Some time ago I also discovered a method in taking money from other user accounts by simply making awesome files.

535 posts
  • Exclusive Author
  • Sold between 50 000 and 100 000 dollars
  • Has been a member for 4-5 years
  • Bought between 10 and 49 items
  • Referred between 10 and 49 users
  • Portugal
plusquare says

Mate, if you find a security problem for Envato don’t post it on the forum where a large number of people will look at and potentially use. I’m sure Envato is thankful for your warning but you should have just turned to their support center, something to contact them directly as doru said.

639 posts
  • Exclusive Author
  • Sold between 100 and 1 000 dollars
  • Bought between 10 and 49 items
  • Has been a member for 1-2 years
  • Haiti
Crakken says

Some time ago I also discovered a method in taking money from other user accounts by simply making awesome files.

hahahahha :D ROTFL !

Thecodingdude says

Mate, if you find a security problem for Envato don’t post it on the forum where a large number of people will look at and potentially use. I’m sure Envato is thankful for your warning but you should have just turned to their support center, something to contact them directly as doru said.

In all fairness, that is nowhere near as fun. And posting publicly got the issue sorted far faster (they could not have afforded not to fix this right away).

Also “Google Will Pay $1 Million for Chrome Hacks”: http://www.pcmag.com/article2/0,2817,2400878,00.asp

Hacks are worth millions to some companies. I’m not sure why Envato doesn’t roll a similar program.

KingDog Staff says

We’re just trying to figure out why a theme we purchased is no longer up on the site and we cannot get ahold of the author. We purchased the theme, used it for a presentation to the stockholders and now we are unable to download the theme that we rightfully purchased. Contacted support, but they have not been helpful. Is this part of the security breach? Are items being taken down by hackers or something?

Themes can be removed for many reasons including a request from the author and if it no longer meets quality standards. The security problem was only on Tuts+ not the Marketplaces at all. Thanks!

1401 posts Determined to give you nothing but the best!
  • Elite Author
  • Sold between 100 000 and 250 000 dollars
  • Author had a File in an Envato Bundle
  • Most Wanted Bounty Winner
  • Contributed a Blog Post
  • Has been a member for 2-3 years
  • Bought between 10 and 49 items
  • Referred between 10 and 49 users
mrcharlesbrown says

It is actually not good to be talking about hackers in the forum because it can only bring the wrong impression to this community and Envato marketplaces as a whole.

Thanks Thecodingdude for your effort but it is best not to talk about hackers. It can only drive more bad people here to make an attempt.

Best regards.

Charles Brown

5277 posts The Dude Abides
  • United States
  • Exclusive Author
  • Has been a member for 5-6 years
  • Elite Author
  • Sold between 100 000 and 250 000 dollars
  • Bought between 100 and 499 items
  • Referred between 100 and 199 users
CodingJack says

Some time ago I also discovered a method in taking money from other user accounts by simply making awesome files.

:D

Personally I don’t get all the fuss. Do people really use the same passwords for everything, especially people in this industry who should know better? Not sure if anyone’s marketplace credit got stolen, but if that were the case I’m sure Envato would replace it. The fact that all payments are made offsite and are therefore protected by default is the only thing that matters to me.
