This past week, many site owners of Zenfolio and SmugMug that shoot Boudoir photography had found out private and unlisted galleries were being accessed by people who were using these photos for ransom, personal pleasure and other terrible things.
There are forums and chats specifically dedicated to figuring out passwords, sharing links and finding other ways to access these private galleries. Many of these photos can be damaging to careers and lives if pictures are released in a public forum. So you can image how upset photographers and clients have been when they found out about this.
This breach of security is a lesson we all can learn on protecting our photos and our clients.
Many steps that are being taken to up security on protecting passwords. Don MacAskill from SmugMug posted this as a reply on his company’s Facebook page:
“This appears to be bad case of weak password,” said MacAskill. “This forum was engaged in a guessing game, and they often found success by simply using what they knew to guess the passwords.
Common problems found were
- Many of the URLs had the actual password in the the gallery Title/URL
- Many put the actual password in the Password Hint field.
- Passwords were almost all single words, usually a name or a short word.
- The password hints were often too informative
- The password was easy to guess out of a few dozen guesses simply based on the Password Hints.
There were other easy to spot security breaches, said MacAskill.
“Other (passwords) appeared to be easily guessed by simply Googling the photographer or scanning their social media, like Facebook or Twitter. Things like birthdays, pet names, favorite sports teams – these are all pretty easy to obtain if you have the photographer or client’s name, which was often provided in the URL or Title.”
Turns out that all the security measures in the world won’t protect you if you use a weak password.
Editor’s Note: For an example, click .
The best advice to follow is to use strong, hard-to-guess passwords. These include mixing in numbers, symbols, and capital letters. Here’s a recent New York Times piece with some advice: http://www.nytimes.com/…/how-to-devise-passwords-that…
What can you do to help protect your accounts?
- Make a password much more difficult. Many passwords are too easy. When you have a gallery named, “Jenny” and your set your password as “Jenny” that’s not exactly the best way to protect that account. Also, make sure you password protect a gallery BEFORE uploading photos. Many of these guys follow photographers RSS feeds and get into galleries while the images are being uploaded and before passwords are added. Keep your hints clever but don’t include any part of the password.
- Make a gallery unlisted or private. Companies like Zenfolio and SmugMug offer security settings for galleries that only you can see with a direct link. For extra security, make it unlisted with a password.
- Make sure you have your images right-click protected. You would be surprised to find that many site owners have not right-click protected files. It’s usually a simple gallery setting. You can often search your sites FAQ’s or contact customer service who will be more then happy to make sure your pictures are being protected.
- If possible, don’t post any potential images that could be stolen. Instead, meet your client in person and deliver digital copies. Then use a local printer or upload directly to the print shop if prints are desired. The best way to avoid stolen photos is to never put them online in the 1st place.
Keep in mind, this isn’t just about Boudoir photography. Years ago, I was apart of a cloth diapering community and we discovered to our horror that our images we were sharing of our kids in diapers were being stolen and used in forums dedicated to looking for malicious use. It was an eye opening experience that forever changed the way I post pictures.
Bottom line, there are unfortunately people out there who have ill intentions on using photos we hold dearly. Please take the time to protect your images, your brand, and your clients.