Tuts+ Premium Security Breach & The Marketplaces

—Two months of free access for ALL affected users
“Regardless of whether a person was a current or expired member or just someone who signed up but never paid or used the service”

Wow..

It’s the way business should work, but it’s only done like this by a few.

Maybe NatWest could learn a few things from Envato.

This points how important it is to balance the development with reasonably frequent iterations, rather than postponing every development piece into a pack of “next year” big update. Having sufficient resource for frequent updates eventually avoids the risk of priority confusions.

Hope things will be back to normal with the generous approach on this issue.

Just as a reminder, as Collis stated in his Notes post about the breach – we will be thoroughly looking at all areas of the company, including the Marketplaces in relation to security. This is a priority for us.

“From here on, along with addressing this situation, we are going to be taking a long and hard look across the company at all areas of security, even the ones we feel very confident about.”

laranz said
—Two months of free access for ALL affected users
“Regardless of whether a person was a current or expired member or just someone who signed up but never paid or used the service” Wow..

Yeah.. 2 months is a LOT and really makes up for all of our passwords basically being handed out.

OH WAIT , it doesn’t.

LandonWilson said

laranz said
—Two months of free access for ALL affected users
“Regardless of whether a person was a current or expired member or just someone who signed up but never paid or used the service” Wow..

Yeah.. 2 months is a LOT and really makes up for all of our passwords basically being handed out.

OH WAIT , it doesn’t.

Exactly – people don’t understand the bigger picture. If you go to a bank or anywhere and use your credit card and enter the pin/number you expect this process to be secure. If it isn’t and your data gets stolen or leaked, then you instantly loose faith. We saw this in the Sony case. Now, I will never be a sony customer again, because I simply can’t trust them. This is now the same for Envato – that’s one lost customer.

Anybody who doesn’t take to ensure the security of my data is at a maximum doesn’t deserve my business.

Not to minimize but you should always assume that an online service you use may fail in some way or another at some point. Nothing is forever.

I’m waiting for the day when facebook will get hacked. Imagine hundred of millions of accounts stolen. Now that will a day to remember.

doru said
Not to minimize but you should always assume that an online service you use may fail in some way or another at some point. Nothing is forever. I’m waiting for the day when facebook will get hacked. Imagine hundred of millions of accounts stolen. Now that will a day to remember.

Of course. I would not have had an issue with this, but the passwords were in plaintext. Nobody ever uses plaintext when storing passwords. (apart from Envato, of course).

I’d like to point out that it was as much a fault of aMember (the software used to run Tuts+) as it was Envato, yet NO ONE is yelling at them. Seriously? Amember is one of the largest and most widely used membership softwares on the net.

It was definitely very, very negligent of Envato to not fix the issue sooner, but if you’re going to yell at someone, yell at both of them.

mordauk said
I’d like to point out that it was as much a fault of aMember (the software used to run Tuts+) as it was Envato, yet NO ONE is yelling at them. Seriously? Amember is one of the largest and most widely used membership softwares on the net. It was definitely very, very negligent of Envato to not fix the issue sooner, but if you’re going to yell at someone, yell at both of them.

But they knew everyone’s passwords were being stored plaintext from the start. You’d think Envato would simply fix the issue before it became one, but they didn’t.