Jump to content

Is fiverr being insecured?


webvividshacked

Recommended Posts

Hi,



I am experiencing hacking problem of my webvivids account.



My reasons why fiverr is insecured?


  1. There is no https while you sign up. Only http. Why dont they set up a https?.
  2. Why there is no pin if you going to change paypal address associated with your fiverr account?
  3. why there is no pin confirmation when u going to change your email address associated with your email address?

    Re
  4. Why fiverr not tracking ip address if you are logged in different from your usual ip address?
  5. Why fiverr not having any other security questions to change my paypal or email id?



    Please post your experience and security issues concerning you.



    Regards,



    Rekha R
Link to comment
Share on other sites

Guest mrspanda

From what I have been told, people are getting hacked because



a. they are trying to do business outside of fiverr and bypassing the Fiverr payment system so they get the full $5 instead of giving that $1 to Fiverr.

b. giving out their e-mail

c. opening up attachments without scanning them



There are a lot of ways to prevent this and I have seen that the majority of people that have been complaining about the hacking is due to them violating the TOS. Don’t share your personal info, including e-mail, and don’t open attachments without scanning them! There are personal things we can all do to prevent these things. “Personal Security,” or persec, as the military calls it. 🙂

Link to comment
Share on other sites

Reply to @mrspanda: I accept this fact but the problem is why fiverr is not implementing these steps. Why http?? why not https??. Why there is no identity verification?



If someone want to hack my account then they need to hack my gmail account, so this proves fiverr depending on Google to identify any person. Why don’t they track ip address each every time I am logging. Why don’t they alert if the ip address is different from usual ip address I am logging??

Link to comment
Share on other sites

Reply to @giworks: Yes but they are doing for $1 fee we are giving for every order. I believe fiverr also gets support from various organizations. If fiverr keep on compromising on security than I am sure every seller and buyer will be going elsewhere.



Whats the use the concentrating on getting more orders than compromising security?



Same question why http? why not https?

Link to comment
Share on other sites

@webvividshacked It is irrelevant if they use hhtp or https. This has got zero to do with your issue here. If your gmail account has been compromised as suggested above it makes no difference to what type of site it is if your email account has been compromised . As for fiver support asking you for verification. You have to look at it from their side. For all they know you could be the hacker trying to access the account and social engineer your way in.

Link to comment
Share on other sites

Reply to @webvividshacked: Cause https or http is irrilevant in these cases. I have experience in programming and I know how they could hack an account… the fashion of recent times is a simple request to install a software (a “keylogger”)… so they get the password and takes the control of your accounts… so this is not a Fiverr security issue… I had also some spam recently and Fiverr notified that! 🙂

Link to comment
Share on other sites

Reply to @markp: So you people say that facebook or twitter or google are using https for no reason. It is really hard to see that the trusted system like fiverr not using https all these days. Whether the hacker compromised my gmail or not, what fiverr is doing all these days not to have https for their system. Where is the trust here?.



Regarding account verification, I have gmail id hacked, paypal id hacked and fiverr account. I have all proofs for these things but yes still they don’t believe me. I am not at all satisfied with the customer support and security issues with fiverr.

Link to comment
Share on other sites

@webvividshacked it does not matter if facebook and twitter uses https or not. If you email account and login for the account is compromised it is irrelevant. You still have not said how your account(s) got comprised either.



At the basic level https means is the site is using a certificate and if someone wants to spoof that they can do it as well if they are determined enough. I would be more concerned with securing your passwords and accounts and having two step authentication on your gmail account as well and using different passwords for all your accounts. What difference is using https going to make if your accounts keep getting hacked?



I do not know what support asked you and I do not want to, but there is going to be a burden of proof to verify the account is yours.

Link to comment
Share on other sites

oldbittygrandma said: I would disagree and confidently state that the Fiverr platform IS 100% safe.

 

No website is ever 100% safe from hackers, especially Fiverr. The problem is further compounded in Fiverr's case by not using SSL to protect account information or log in pages - nothing is encrypted, so everything is just transmitted in plain text.

 

Also, if someone is foolish enough to use their laptop or tablet etc. to connect to an unsecured WiFi network then it is quite easy for a hacker to find out what is being transmitted so even if the user was legit and didn't do anything naughty like communicating with buyers outside of Fiverr, a hacker could essentially log in to the seller's account and steal all their money.

Link to comment
Share on other sites

Guest mrspanda
oldbittygrandma said: IMO, it is not up to Fiverr to educate people about the internet as a a whole. hacking occurs everywhere. It is the responsibility of the individual choosing to do business online, to educate themselves on what to do and what not to do. Following Fiverr's TOS, is enough of an effort on Fiverr's part, IMO.

 

Agreed.

--

 

OP, I hate to say this and this may come off a little harsh, but at the end of the day, this is your PERSONAL responsibility to protect yourself over the internet. How did you get hacked anyway?

 

You need to take responsibility for what happened, accept it as a life lesson to be safer in the future, and educate yourself on internet safety. I know when I was in the military, we had a 2 hour mind numbing class once a year on "do not open e-mails from people you don't know..." "always scan your e-mail..." "change your passwords often..." It's so BASIC, but people don't do it because they always think "Oh, it won't happen to me."

 

Link to comment
Share on other sites

The ‘https’ encryption certificate can be be just as dangerous as normal http if you ‘The user’ isn’t careful. There’s not a big difference. Mainly, it’s another certificate verified by a third party. However, the way people are, in theory hacking Fiverr accounts is because they, like said above try and conduct business outside Fiverr and give personal information. And, why would anyone who surfs the internet make their Fiverr, E-Mail or Pay-Pal account passwords the same? Http or Https, it doesn’t matter in this situation.



I do however think that the hacking problem is nowhere near as bad as people think.



I find that some sellers are using the “I got hacked” excuse because they broke the Fiverr TOS or something and got their accounts banned. It’s a great sounding excuse. The problem is that in all my years on the internet, (And I was on the internet when the internet was new) the last month or 2 has seen more hacks on Fiverr than I have ever seen. X100.



Not saying this thread is an excuse, but I bet most others are.



Let’s be honest here. Most people that actually “Can” hack stuff have much better things to hack than someones Fiverr account. Or even a Pay-Pal account for someone who deals in regular amounts of money. The people that really ‘Can’ hack have much more money to be made and better things to do than worry about us. Why would they waste their time?



Think about it the next time you read a “My account got hacked” thread.



Again, not saying this thread, just maybe the loads of others.

Link to comment
Share on other sites

Reply to @oldbittygrandma: I think you are not understanding the problem, hacking might happen if you are selling and buying on any online sites, but the problem is fiverr is not secure and you can easily hack if you just know your email id. Supporting fiverr blindly would not help fiverr to go anywhere near to a perfect system.

Link to comment
Share on other sites

Reply to @greyhound12: You are right no website is 100% safe but all other websites trying to secure the user’s account. Like in Facebook, if you open a account on different IP you need to answer your security question before signing in on your account. And in freelancer.com you cannot easily transfer money to your freelancer.com account, they have a signature to verify that you are transferring funds from paypal to your freelancer.com account.



Like this fiverr can come up with security steps. Making secure txn’s is not what I mean, I mean you (fiverr) need to initialize the txn in a secure way.



Thanks for just accepting my views.

Link to comment
Share on other sites

Guest mrspanda
webvividshacked said: My account was hacked, cos I got a pm from one of the fiverr member and he asked me to contact through facebook and the rest needless to say.

 

Welp, there you go. You violated the TOS which resulted in this. Can you really blame Fiverr when they tell you NOT to do something and you decide to do it anyway? Honestly.

 

Link to comment
Share on other sites

Yes you are right but I have contacted customer to get more info about Gig. I’ve insisted him to order Via Fiverr. I am not able to think, he was rushing like anything to get my personal details.



I am not blaming Fiverr, but I am suggesting fiverr why fiverr not implemented these steps atleast when the fiverr user base is increasing.



Simple, I’ve got ip address of the hacker, it’s from Germany. I’ve got it from Gmail, like this why fiverr not tracking my ip address, If at all there is a difference in ip address from what I am usually use to login, fiverr should block my account without any consent.



Blaming fiverr is not at all my priority, my priority is why fiverr being so insecure.

Link to comment
Share on other sites

Guest mrspanda
webvividshacked said: I don't know how they know my email address, but I am sure I have not given my email address to anyone.

 

Just a guess, your "facebook" is probably "insecure." Most people have their e-mails showing by default.

Link to comment
Share on other sites

  • 3 months later...

Hi guys,



A few people here don’t seem to be understanding the problem…



Fiverr is NOT 100% safe, because it is using an unencrypted connection.

This is like sending a letter in the mail, but not putting it in an envelope.



Maybe someone will read it, maybe they won’t… But would you take the risk?



Fiverr IS taking that risk with it’s customer’s personal details (yes, including email addresses) and money - Probably to save a few $$$ and/or improve functionality/page loading times… I’m not exactly sure why.



But it means that anyone can steal your login details while you are logging in IF they happen to be observing the network traffic at the time. Kind of like when you put your PIN number in at the ATM and someone is watching you just a little TOO closely, lol.



Except, on the Internet, you never know if someone is watching or not, AND they don’t need to steal your ATM card to access your account.



It’s less of a risk when you are using a landline and reputable service provider, but high-risk if you are using unsecured wifi, either at home or at McDonalds/a coffee shop, etc.



Anyway… I personally don’t think it’s good enough, and obviously neither does facebook, twitter, etc… Most sites have it standard, as a BASIC security measure.



Fiverr is gambling by not using HTTPS, and unfortunately a percentage of users will find themselves being hacked and/or ripped off because of it.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...