Recently, there have been some rumours spreading throughout the community about a hacker going around taking over accounts and deactivating them. We'd like to reassure you on this matter, and also to give you some useful pointers for keeping your account secure.
Upon hearing these "hacker" claims, we put our supersleuth dT Team to the task of making sure that nothing untoward was going on, and to verify that there were no exploits within the deactivation process. We have been assured that there's no exploit being used to access accounts and deactivate them. There is a far simpler and less sinister answer, however, and it's something that every one of us can take a proactive stance towards -- passwords. You need them for just about everything these days. What's the point of having them if you're only going to make them something really simple? The use of strong passwords is one of the most basic aspects of internet security.
Take a look at the image below to see what the most popular passwords are on another site. Any of these look familiar?
When we hear of accounts that have been deactivated without permission, we always try to verify what took place. We keep track of the number of times your password has been guessed incorrectly. We also keep a record of when and what changes were made to the email associated with your account. In addition to this, we can take a look at the IP address which accessed your account and verify if there's anything which would indicate a rogue IP.
Recently, we heard of an account that was taken over and deactivated. When we looked at the account details we could see that there had only been 1 incorrect password attempt before the account was taken over and deactivated. Panicked deviants claimed that the account had been hacked and we should "do something about the hacker". In reality, this account had been accessed by someone guessing the password -- and it only took them 2 guesses to get it right.
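As an added illustration (not deviantART's own code), the checks described above can be sketched as a small triage over an account's audit events. The event names, tuple layout and sample data are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample audit events, not real data: (account, time, event, ip)
EVENTS = [
    ("alice", 1, "login_ok", "198.51.100.7"),
    ("alice", 2, "login_ok", "198.51.100.7"),
    ("alice", 3, "login_fail", "203.0.113.50"),
    ("alice", 4, "login_ok", "203.0.113.50"),
    ("alice", 5, "email_change", "203.0.113.50"),
    ("alice", 6, "deactivate", "203.0.113.50"),
    ("bob", 1, "login_ok", "192.0.2.10"),
    ("bob", 2, "login_fail", "192.0.2.10"),
    ("bob", 3, "login_ok", "192.0.2.10"),
    ("bob", 4, "deactivate", "192.0.2.10"),
]

SENSITIVE = {"email_change", "deactivate"}  # hypothetical event names


def triage(events):
    """Flag accounts where an email change or deactivation was made in a
    session that logged in from an IP with no earlier successful login."""
    by_account = defaultdict(list)
    for account, ts, event, ip in events:
        by_account[account].append((ts, event, ip))

    findings = {}
    for account, rows in by_account.items():
        known_ips = set()  # IPs that have logged in successfully before
        fails = 0          # wrong guesses since the last successful login
        session = None     # most recent successful login
        for ts, event, ip in sorted(rows):
            if event == "login_fail":
                fails += 1
            elif event == "login_ok":
                # The very first login has no baseline, so it is not "new".
                session = {"ip": ip, "failed_guesses": fails,
                           "new_ip": bool(known_ips) and ip not in known_ips}
                known_ips.add(ip)
                fails = 0
            elif (event in SENSITIVE and session
                  and session["new_ip"] and ip == session["ip"]):
                hit = findings.setdefault(account, {
                    "ip": ip, "actions": [],
                    "failed_guesses": session["failed_guesses"]})
                hit["actions"].append(event)
    return findings
```

A low `failed_guesses` value on a flagged account matches the case described above: the password was guessed, not brute-forced.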
Sadly, it would seem within our community there is a small number of individuals who are seeking out insecure accounts and deactivating them. If you haven't done so recently, we would strongly suggest that you change your password to something secure, using the guidelines on passwordmeter.com. There's also some really good information about password cracking over on this article regarding Information Security.
But don't let that scare you or make you feel like deviantART is an unsafe community. It's not! It's important to bear in mind that the Internet really is just a representation of the real world that you walk around in each day. There are good and bad people everywhere -- thankfully mostly good. It's the minority of bad people that can get in the way of everyone else having a good time, and you'll find that it's not just deviantART that is affected by this. In a community as big as ours, it's only natural that we'll face a few challenges like this along the way. Protecting your deviantART account is no different to protecting your mobile phone, your camera, iPod or other prized possession.
Over the coming weeks, we'll be putting in place some enhanced standards for passwords, which will make it even harder for your account to be taken over and accessed without your permission. Of course, if this happens to your account, it is very possible that your account could end up deactivated.
When we originally developed the deactivation process, we took on board your comments which asked for the ability to close accounts immediately and to delete everything. This is why, currently, if you deactivate your account, your deviations are deleted along with any other content. You can't log in and return your account to its former state. However, over the next few days we will be making some changes to the deactivation process that will provide a 30-day grace period for accounts that are deactivated. This means that should you unfortunately find that your account has been compromised and deactivated, you will be able to contact the Help Desk and ask for assistance. Please note that this will only be available for accounts which have clear evidence of unauthorised access, and we won't reactivate any accounts just because you've changed your mind.