I guess most of you already saw this message when logged in to iStockphoto:

kkthompson
March 3, 2009 20:10
This afternoon a phishing attack was conducted in the forums and through sitemail. This attack created a fake istockphoto.com login screen, prompted the user for a username & password, saved them to a malicious server, then redirected the user back to the iStockphoto main page

The iStock forums post by the same author says:

It’s an interesting statement, where the first part is correct, while the second part is very confusing. No financial information to breach, oh yeah, really?

Just a week ago Dreamstime complained in this thread that “we had cases when contributors had their accounts accessed, password changed, payment requested”. Now the iStockphoto guys are brave enough to say us they have “no financial information to breach”?

We all know that iStockphoto, like any other stock photo agency has on file your PayPal / MoneyBookers accounts. They also collect funds that have to be transferred to contributors monthly. Should not this stuff be considered as a valuable financial information stored by iStock? And if it is not enough, add here you personal profile details like your home address, phones and your picture ID. And even your images portfolio is in danger since it can be first completely downloaded and stolen and then, just for fun, completely removed from the agency by a hacker who looks for an entertainment on the hacked site.

What happened to iStock on March 3 is not funny at all. And it is a much more serious issue than just a few hours of iStock down time, even if iStockphoto prefers to present it this way. The site stores financial information and digital goods that can be stolen, so their “no financial info stored” statement is very far from the reality.

Royalty Free Images