Kindle Forum banner
1 - 20 of 32 Posts

·
Registered
Joined
·
4,412 Posts
Discussion Starter · #1 ·
I saw another author had been hacked and so this morning, I checked my emails to see if I had been notified of payment changes. I hadn't so I breathed a sigh of relief. There was also an article about it on https://the-digital-reader.com/2018/04/17/hackers-now-targeting-authors-on-createspace/

Maybe an hour later, I checked my email and saw I'd received a change of payment information notification! Unbelievable. I'm hoping that because my Remittance Advice notifications came last week and had my name, that I will get the payment, not some guy named Ivan Evdokimov.

And of course, I changed my info and password.
 

·
Registered
Joined
·
1,408 Posts
I woke up this morning to read this email:

"This is an automated message confirming that royalty payment information has been updated in your CreateSpace account. If you did not make any changes to this information, please use the Contact Support feature in your account to reach our Customer Service team."


I thought it was a random email that was a mistake. But it wasn't. I called Createspace and indeed, someone had hijacked my account and deleted my payment information and substituted their Name and direct deposit information. I am due to get paid in about a week, so I am thankful they did not receive any of my payments before I caught it.

I've had to change my email, password and update payment info again.

I was told by Createspace that they used an "auto sign-in" feature. I'm on a Mac. Scary.

You may want to change your password to be safe.
 

·
Registered
Joined
·
2,713 Posts
Guess the lesson is not to use the same password for everything. Changed mine twice. Thanks Mary.
 

·
Registered
Joined
·
2,532 Posts
There should be two-factor authentication for all Amazon sign-ins. However, I just checked and couldn't find it on CS. Odd. I know I have two-factor for my other sign-ins.

Of course, everyone should use super-strong passwords for everything related to money, because those are the accounts most likely to be targeted. I use a looong password with numbers, symbols and letters myself, something that theoretically can't be hacked by anything short of an NSA supercomputer. Of course, there's always the possibility of a data breach revealing any password, so regular changes are always good.
 

·
Registered
Joined
·
485 Posts
Is changing the password enough? I changed mine the other day when the hacking was first reported here on the boards, and made sure it was complex and unique, but is that really enough?

This is some scary stuff. :(
 

·
Registered
Joined
·
1,408 Posts
I also changed my email address. I am now going through the process of configuring the program "Little Snitch" for Mac to make sure I see all the traffic my computer generates.

inconsequential (AKA JanaOnWheels) said:
Is changing the password enough? I changed mine the other day when the hacking was first reported here on the boards, and made sure it was complex and unique, but is that really enough?

This is some scary stuff. :(
 

·
Registered
Joined
·
636 Posts
David VanDyke said:
There should be two-factor authentication for all Amazon sign-ins. However, I just checked and couldn't find it on CS. Odd. I know I have two-factor for my other sign-ins.
CreateSpace does not have 2FA ... confirmed with customer support last week.
 

·
Registered
Joined
·
1,408 Posts
You should call them to verify that the info is still accurate.

Nathan Elliott said:
My banking info looks okay, but I am puzzled as to why it says

"We received your tax information on 03/31/2018"

They have had the tax info for years. Anybody else see a strangely recent date on theirs?
 

·
Registered
Joined
·
3,651 Posts
I spoke with an information security expert after I wrote about those guys clickfarming their way to #1 last July, and he told me that Createspace had the most abysmal security standards - and that he had identified a critical security flaw in the system, reported it to Amazon, and a year later it still wasn't addressed.

Not directly related to this incident, I should add, but a sign of how lax things are. His theory was that Amazon had simply decided that leaving the hole in the fence would accrue less losses than actually fixing it - a hands off approach that I'm sure will surprise exactly no one.
 
Joined
·
746 Posts
Nathan Elliott said:
My banking info looks okay, but I am puzzled as to why it says

"We received your tax information on 03/31/2018"

They have had the tax info for years. Anybody else see a strangely recent date on theirs?
Yeah, I'm seeing a similar thing. But isn't there some significant US tax date in April? Maybe your details get automatically resubmitted each year or something.
 

·
Registered
Joined
·
485 Posts
MelanieCellier said:
Yeah, I'm seeing a similar thing. But isn't there some significant US tax date in April? Maybe your details get automatically resubmitted each year or something.
There is a specific tax date, but I don't think the info gets resubmitted each year by some sort of default. The date mine is showing hasn't changed in 4 years.
 
1 - 20 of 32 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top