What happened on DeviantART at the weekend?
Click to Enlarge
While I’d love to leave it at the analysis above which is stated as being “ERMERGERD HACKERZ”, the antics at the weekend focused on swiping the accounts of DeviantART users who had coughed up for premium functionality. See, along with the removal of adverts and numerous other features comes the ability to add fancy scripts to their page (because nobody likes a default setup, right?) These scripts are what caused so many people to fall victim to a (now resolved) bout of account theft thanks to a cross site scripting vulnerability in Journals.
Phase 1 of this fiendish caper (I’m sick of calling things scams, so I’m rolling with “capers” for the foreseeable future) involved swiping some of those premium accounts, then using them to post comments on DeviantART accounts with a message designed to cause maximum insta-link clickage.
Instead of going for the more traditional “lol, have you seen the pictures of you on this website” nonsense so beloved of Twitter and Facebook scams, the tactic here was tailor-made to cause digital artists everywhere to throw up their hands and howl at the moon.
Click to Enlarge
“This was stolen from [link]“
Assuming the artist accused of theft hadn’t gone on a mad stabby rampage with a 4H Graphite, they’d click the mysterious link and – via the magic of some cross site scripting shenanigans courtesy of premium accounts – be redirected to a fake login screen.
Lots of stolen accounts were apparently deactivated by the people doing the compromising which caused no end of trouble for legitimate users. Worse, the affected users then had to go clean up their reputations because they were accused of being evil hackers (warning: swear words aplenty. I think they’re allowed to though, given the circumstances).
DeviantART got their hands around the throat of this one rather quickly and locked it down, along with one of their staff posting up a blog about the situation. They advise that their login will always either be located at deviantart.com/users/login or sta.sh/login, with a https at the start of the URL. DeviantART users seeing anything else should treat those pages with utmost caution and refrain from attempting to login.
It’s been a while since we saw an outbreak of badness lead a merry dance across DeviantART, but I guess this one makes up for it. For the time being, be wary of content theft claims appearing on your account comments and keep those login credentials safe.
Leave a reply