iStockphoto struck by phishing attack

Popular stock photography website, iStockphoto, has been targeted by password thieves.

According to a statement on the iStockphoto website, the phishing attack was perpetrated across the site’s online forums and mail system, directing unsuspecting users to a bogus login page which requested their username and password.

The online photo store, which was acquired by Getty Images in 2006, went offline earlier in the week as the iStockphoto security team investigated the attack. Users are advised to steer clear of opening their site mail and to change their passwords.

Carole Theriault, senior security consultant at Sophos said:

A third of us use the same password to access all our accounts – while it probably makes it easier for the user to remember, it also means that if a hacker cracks one password, they can access all your online data. As we hear of more and more online communities being targeted by data theft – Facebook and Spotify have both been recent targets – users are reminded that bad password habits are putting them at the mercy of wider threats. What is a good password? It’s unique, long, not found in a dictionary, and combines numbers and letters.