Security Alert on Contributor accounts - please check your account details

[Alamy]

Hi All,

 

We've become aware that some contributor accounts have been accessed by fraudsters whereby they have managed to change email addresses and bank details of an Alamy contributor, using the contributor's registered email address and password.

 

This has happened because contributors have been using the same email login and password combination on other websites. This data breach has not come from Alamy, but once the email login and password combination has been hacked/accessed from another website and found to be a successful combination for logging in, the fraudsters will use that combination on any number of other websites to try and gain access to registered accounts for payment information. The same email login and password combination has been found elsewhere but then used on Alamy to gain access to individual contributor accounts,.

 

We are hoping that this affects only a small number of contributors. However as part of the monthly payment process we check for fraud on every account and we will be holding off payment for any accounts that have had their bank details changed recently, until we can confirm with the contributor that their bank details are correct whilst recommending affected contributors to update with a unique and strong password for the Alamy website.

 

We would also ask that you check that you are not using your email address and Alamy password for logging in on any other website and strongly recommend that you update your password to a unique one now if you are.

 

If you receive an email from Alamy saying you have changed your email or bank details, but you have not done so yourself, please email the Contributor Relations Team who will be able to help you get your account back: contributors@alamy.com

 

Thanks

 

Sophie

[Allan Bell]

We appreciate your quick action in this matter.

 

Allan

 

[zxzoomy]

Having been scammed on my last trip abroad with my laptop, phones and ATMs not working, so I nearly ran out of cash, I very much appreciate everyone's attention to us all staying safe online, especially as scamming is part of the hybrid wars advocated in his book many years ago by the Russian Chief of General Staff. I imagine every state and criminal might well think it is routine procedure now to use for whatever ends they think best.

[mwakeling]

I never received any notice about this by email. All contributors should receive notification. A small percentage of contributors check this forum regularly.

[sb photos]

Surely the ideal procedure, as used by some of my other accounts, is if confidential details are changed, an email or text is sent advising that I should contact the account if I did not make the changes myself. Also 2 factor authentication verified by the account holders phone is another means to protect accounts from potential fraud. Although less likely, as well as contributor accounts have the accounts of purchasers been compromised?

 

 

[kimba]

I just logged in to check my Account/Payment details and there is no way to check that my current details are in fact correct. The only way to check details is to Change the payment details, which then leads you to a blank form.  There are ways to make payment details available and visible to the user without jeopardizing the information. 

[ChrisR Photo]

Hi Sophie,

 

Thanks for letting everyone know, it's always good to regularly update passwords etc.

 

However, I strongly suggest that Alamy need to update their log in security for contributors, as we know passwords can be hacked so it would be good to see stronger log in options, such as 2fa security that sends a code out to your phone along with using backup email address's also, that way it will really minimise any possible security breaches.