Forum Hacks Boudoir Gallery Passwords. Is Your Site Protected?
Some people have too much time on their hands. And when those same people also are creepers, we come across disturbing stories such as this one.
The Voyeur Forum was outed yesterday by an anonymous tip to various boudoir photographers that their galleries hosted on Zenfolio and Smugmug accounts had been hacked. This forum had 121 pages of links to boudoir galleries and the cracked passwords to each gallery. It seems that the creepers on this forum are making it a game to hack into boudoir galleries, leer at the photos and then discuss them on this forum.
“This is a great thread! Thanks to everyone for all the work that goes into getting these passwords! I do have to say, I love the ones where they are wearing wedding rings. You know those are most likely being done for the husband, and we were certainly never supposed to see them!!!” – Comment on Forum
(That just made my skin crawl).
The thread has since been deleted (or so the admin of the site so “eloquently” stated):
This serves as a reality check and reminder for all photographers, not just ones that shoot boudoir, to protect themselves, their clients and their businesses by not making it easy for people to guess the passwords and get into our galleries to access client photos and other private information.
[PRODUCT HIGHLIGHT: Lightroom Workshop Collection v5]
With some common sense Internet practices, your galleries will be better protected in case people with nothing better to do, tries to break into your galleries. Here are some things to consider when making (and changing, I hope) your passwords:
1. Upper Case, Lower Case, Three Numbers and the Fourth Letter of the Greek Alphabet
I’ll admit, in my old age, it’s getting harder and harder to remember the passwords to everything. Especially, with more and more companies forcing us to chose more difficult passwords. It’s annoying and tedious and half the time, I’m pressing the “Forgot My Password” link, but remember, it’s there to protect us.
So, mix up your password. Don’t use proper nouns, personal info such as pet names, dictionary words or foreign words. The best passwords are gibberish, made up of a random mix of upper and lower case letters and random numbers or a string of random words.
2. Don’t Keep Galleries Up Indefinitely
I know it’s a pain to remember to go in and hide the galleries after a while, but a good practice is to give your clients a time limit to choose their photographs and share their links. It might be a good idea to remind your clients to share the links to their galleries and the passwords with caution.
3. Change Your Passwords Frequently and Don’t Use the Same Passwords
It’s very easy and painless to keep the same password across the board – from your network passwords to your online banking to maybe all of your pet portrait galleries. But remember, it’s easier to change the passwords every few months and write it down, than it is to deal with someone hacking into your accounts with a simple password like “furrypetprincess.”
4. Use Only Trusted Online Storage Options
This only goes so far as clearly, these hackers broke into sites like Smugmug and Zenfolio, which are reputable sites with great safe guards that help us protect our galleries, but we need to utilize some of them. They have solid password protection, but keep in mind places like Dropbox, Flickr, even your Google Drive and Costco Photo accounts are also places that they will try to hack into. When looking to store your photos online, make sure the company has practices in place where you can keep your clients photos as secure as possible. There are a few sites that don’t require passwords for their galleries. I’d stay away from those. If your online gallery host allows you to set specific viewing permissions – like assigning passwords or giving only specific people access, you’d be wise to utilize those services.
I’ll admit, I used to be in the “It’s not going to happen to me” mindset. Then, as I hear more and more about people getting their identity stolen, then with the recent Target Credit Card hack and now stuff like this, I want to pull my entire presence off the Internet and go hide in a cave somewhere. The “It’s not gonna happen to me” mindset is dangerous and serves you no protection. Sometimes, sadly, you find out the hard way, that indeed, it may very well happen to you.
I’m off to change all of my passwords now. I hope you’ll do the same.
[Source: Brandsmash/Mike Allebach]