Romance, Historical, Contemporary, Paranormal, Young Adult, Book reviews, industry news, and commentary from a reader's point of view

Friday Midday Links: WriterSpace Hacked! Change Your Passwords!

Stampede.It is the first group coupon service for ebooks. Groupon and other group coupon sites (like Living Social) offer large percentages off of products if a certain number of people agree to participate in the deal. Stampede.It brings in a new wrinkle by having tiered pricing agreements with the price decreasing with increased participation:

$1.50 if just 20 people purchase the deal
$1 when 50 people purchase the deal
$0.75 when 100 people purchase the deal

Simon & Schuster participated in a Groupon a while back causing indie booksellers to be upset. I’ve seen HarperCollins and maybe Random House (can’t recall exactly) put up their books at discounts through sites like GiltGroupe and Ideeli.

Of course, if it is an ebook deal, then it probably excludes the Agency 6 publishers.

******

Rankings, in part, are what some authors are relying upon to measure whether their ebook sales are being reported accurately on their royalty statements. This has led me to wonder about the validity of the rankings by retail businesses and how that is affecting sales.

Getting in the top 100 list on either Barnes & Noble or Kindle can mean a great deal for authors. Amazon has a mix of self-published and traditionally published titles, but curiously almost no erotic romance. Bella Andre, for example, is earning $116K per quarter yet her highest Kindle ranking is in the 4,000s.

Over at Barnes and Noble, however, the list seems even more, um, non organic. Of the 100 titles, only 7 of them are under $5.00 and none are priced under $4.00. It does not appear that there are any PubIt! titles on the list (although I may have missed one or two. None of the below $4.47 or up titles were self published).

Once you get past the 125 book mark on the BN top list, you start seeing a slew of $.99 books.

Emails to BN and Amazon regarding their lists have been unanswered thus far.

******

Pottermore is the hot new site around. All that is known about it is that it is related to Harry Potter and brought to you by J.K. Rowling’s empire. PaidContent got a hold of some alleged Pottermore screenshots which suggest that there might be an online store that will be selling ebooks. HP ebooks direct from Rowling?

Rowling has been notorious for not allowing the HP books to be digitized. Yet, she was quoted as saying, “However, there are times when e-books are a Godsend.”  We’ll all know in a week.

******

Over in the UK, Avon signed an exclusive deal with a grocery store chain to sell three titles:

Trisha Ashley’s novel Sowing Secrets and Beverly Barton’s Amnesia will sell exclusively in Sainsbury’s physical and online stores from July and The Perfect Christmas by Georgie Carter will be available from September. All three books are published by Avon, a division of HarperCollins, which credits the supermarket with a “clearly defined focus on sourcing great seasonal products for their customers”.

This would be similar to Avon signing a deal with Walmart so that you had to go to Walmart or Walmart.com to buy a book. My eyebrows are raised.

******

Writerspace.com was hacked and a list of its members, their emails and passwords was released on the internet. If you haven’t changed your password, do so immediately. Also, people, do not use the word “password” as your password. Apparently Writerspace stored their emails in a plain text file versus an encrypted file (kind of like Sony). WordPress stores passwords as an MD5 hash, in case you were wondering about what is going on here at DA.

 

Jane Litte is the founder of Dear Author, a lawyer, and a lover of pencil skirts. She spends her downtime reading romances and writing about them. Her TBR pile is much larger than the one shown in the picture and not as pretty. You can reach Jane by email at jane @ dearauthor dot com

22 Comments

  1. Darlene Marshall
    Jun 17, 2011 @ 15:31:23

    That really burns me up about Writerspace. I spent all day updating and changing passwords after I got a notice from them, and now I find they weren’t using adequate security to protect my data.

    People use “password” as their password? Seriously?


  2. Fionn Jameson
    Jun 17, 2011 @ 15:44:07

    @Darlene: Better than the password “guessthis”


  3. Nicole
    Jun 17, 2011 @ 15:47:15

    Or some people were using the name of the website as the password.

    Amazon was nice enough to be quicker than Writerspace at getting things out and sent me an email even though the problem wasn’t from them.


  4. joanne
    Jun 17, 2011 @ 16:07:24

    Along with the Writerspace mess my yahoo mail account was also hacked… my husband wants to know why I’m sending him links to viagra. Arghhhh….


  5. PatF
    Jun 17, 2011 @ 16:30:02

    Does this mean I should change my password at all websites that I use that require a password?


  6. joanne
    Jun 17, 2011 @ 16:33:21

    Along with the Writerspace mess my email account was hacked. My husband wants to know why I’m sending him links to viagra. Arrrgh.

    @PatF: I’ve changed my passwords everywhere, I think, just to be kinda-sorta-safe.


  7. Meljean
    Jun 17, 2011 @ 17:19:16

    @PatF: If you’ve been using the same e-mail/password everywhere, then you need to change them.

    It never hurts to change them all, anyway, but I’d prioritize any website where you have ever entered financial information and/or personal information. For me, that means Amazon/B&N/The Book Depository, Paypal, my bank accounts, all of my e-mail accounts, my website databases and WordPress logins, and anywhere I might have one-click shopping. Next are my social sites (Twitter and Facebook) — and then lastly, forums and websites as I think about or use them again. If you look at your browsing history for the past week or month, you’ll probably find a few that you might not have thought of off the top of your head.

    I regularly change the more sensitive passwords, anyway, and use different passwords for each of them, so that one password wouldn’t give someone access to everything. I do use the same easy-to-remember password at a lot of forums (like Writerspace), but I’d never use that password for my e-mail or anything more personal. I’m a lot more worried about someone stealing money or forwarding private e-mails than posting naked pictures under my name in a public forum, I guess.

    Which is a very long way to say what I began with: Yes, you should probably change them, starting with the sites that could hurt you if that information got out.


  8. Berinn Rae
    Jun 17, 2011 @ 17:23:44

    I too was hit by Writerspace’s folly. And my folly was that I used the same password for many of my online sites (lesson learned). Within a half hour yesterday, I received notification that 5 of my online accounts had been accessed. I changed all my passwords today and more importantly, made each password UNIQUE.

    LulzSec (the guys who are hacking and posting the info from many, many sites – not just Writerspace) are having a ball. I’m not.


  9. Dana S
    Jun 17, 2011 @ 17:50:15

    Thanks for the heads up about Writerspace. I created an account there years ago, but fortunately that password has been defunct for years. I never even got a notice from Writerspace, I’m seriously pissed at their shitty security.


  10. Danielle D
    Jun 17, 2011 @ 18:31:25

    It just took me over an hour to change all my passwords. It’s a good thing that my password is not the same for every website that I log on to.


  11. Maili
    Jun 17, 2011 @ 18:41:31

    @Darlene Marshall: Yes! This still amuses me: The Top 500 Worst Passwords of All Time.

    Seriously though, it’s always a good idea to change passwords – of email accounts and any accounts that handle money – once every month or fortnight.


  12. job
    Jun 17, 2011 @ 19:47:09

    An anonymous person notified me of the hacker site six or eight hours before Amazon did.

    This was a great kindness. I’ll thank them here.


  13. Michael
    Jun 17, 2011 @ 20:07:25

    They may not have been using plaintext. In fact, they may have used MD5 and thought that would protect their users.

    Hackers take numerous dictionaries and generate the MD5 values of all the words and names in them.

    Eg., ‘bookworm’ would become ‘e0bfa30ac77faf071cda9e9af49d9bcc’

    Then when they hack a site and get a list of hashed MD5 passwords, and find ‘e0bfa30ac77faf071cda9e9af49d9bcc’ in there, they know the user’s password was ‘bookworm’.

    This is why it’s so important not to use plain, unmodified dictionary words or names for passwords. Always include some numbers and a mix of uppercase / lowercase letters. By the way, don’t think that changing the letter I to a one, or O to a zero will fool the hackers’ cracking programs. They also have tables showing them the hash values for common numerical substitutions. You have to be more unpredictable than that. You can even try throwing in some punctuation if the site will let you.

    Of course, passwords have to be remembered too, so one has to find a balance between difficult to crack and something memorable.

    People will tell you to never ever use the same password on two sites. And I’ll tell you that’s great in theory, hard in practice. What I do is use the same password on inconsequential sites, where it won’t particularly harm me if someone gets hold of those accounts. Use unique passwords for important accounts: finance, email, social networks.

    Webmasters out there can increase the security of their password storage by adding something called a ‘salt’. Basically this adds a secret value to a password before it’s converted to MD5, so that the hash won’t be as useful to anyone who steals it. While not unbeatable, it’s a step up from what many websites are using.

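The lookup and the salting described in the comment above, as an added example that is not part of the comment or of any site's code. The wordlist, account names and iteration count are constructed assumptions, and the salted variant swaps in a random per-user salt with PBKDF2-HMAC-SHA256 instead of the salted MD5 the comment mentions.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist and three made-up accounts.
WORDLIST = ["password", "bookworm", "romance", "guessthis"]
ACCOUNTS = {"alice": "bookworm", "bob": "password", "carol": "T7#vq-Lantern-92"}
ITERATIONS = 100_000  # assumed work factor; tune to your hardware


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def build_lookup(words):
    """Precompute hash -> word once; the table works on any unsalted MD5 dump."""
    return {md5_hex(w): w for w in words}


def audit_unsalted(stored, lookup):
    """Return {user: word} for each stored hash that appears in the table."""
    return {user: lookup[h] for user, h in stored.items() if h in lookup}


def hash_salted(password, salt=None):
    """Random per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, record):
    salt, digest = record
    return hmac.compare_digest(hash_salted(password, salt)[1], digest)


def demo():
    unsalted = {user: md5_hex(pw) for user, pw in ACCOUNTS.items()}
    exposed = audit_unsalted(unsalted, build_lookup(WORDLIST))
    # Two accounts sharing one password get unrelated records once salted,
    # so a single precomputed table no longer covers both.
    first, second = hash_salted("password"), hash_salted("password")
    return exposed, first[1] != second[1], verify_salted("password", first)


if __name__ == "__main__":
    print(demo())
```

The salt is stored next to the digest and does not need to be secret; its job is to make every record require its own guessing effort.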

  14. Wahoo Suze
    Jun 18, 2011 @ 01:01:27

    What with my post-40 memory, I’ve had to start keeping a little book where I write my passwords. I can’t keep up with online life otherwise. I’ve already got two accounts with my on-line tax return service. Sigh.


  15. LVLMLeah
    Jun 18, 2011 @ 09:22:54

    I have a little book with all my passwords. At the moment it’s like 15 different ones. And believe me, I do have to look stuff up all the time.

    I use a unique password for each of my email and other accounts that hold financial info.

    I use several common passwords for sites that don’t hold sensitive information and it doesn’t matter as much.

    Even though I didn’t have a Writerspace account, this is a good reminder to go in and change passwords up again.

    I just heard on the news that Firefox and Chrome are now vulnerable to hackers and that the fix is coming out with the next versions of those browsers next week. Um… seriously? Fix it NOW! I’m using IE as a browser for the first time ever. Who knew that IE would ever be safer than FF?


  16. coribo25
    Jun 18, 2011 @ 10:28:29

    Pubit is only open to US bank account holding indies at the moment. Maybe that accounts for the shortfall?


  17. elaine mueller
    Jun 18, 2011 @ 11:35:56

    15+ years ago, zebra/kensington had a publishing agreement with walmart — precious gems??? i don’t know how that ever worked out.

    25 or so years ago, crown publishers had a deal with waldenbooks — pageant books — that didn’t do very well and folded within a year or so.

    this makes me wonder if the whole amazon-as-publisher will prove to be a good idea.

    but what do i know?

    elaine


  18. Mary Anne Graham
    Jun 18, 2011 @ 17:27:53

    The hacker crowd got me too. I was not amused. Those people need to get a life. Seriously.

    However, I’d like to point out how grateful I am to Amazon. I got an email from the company notifying me that some of my info was on the list (not all, thankfully, but I still changed all my passwords). Amazon advised that it had frozen my account until I contacted the company to change my password.

    I think too often people have no problem remembering to yell and scream when things go wrong. Somehow, it seems harder to remember to say “thank you” when they go right.

    So – thanks Amazon – I appreciate your looking out for me!


  19. Tamara Hogan
    Jun 19, 2011 @ 07:22:05

    Keep in mind that every online account you open increases your risk of hacking and identity theft. A hacker or social engineer, with the right tools and malicious intent, can do a hell of a lot of damage with just your name and email address. Supply your street address and birthday, and the sky’s the limit.

    Your personal data is so, so precious. Gotta play defense here, folks.


  20. Stacy S
    Jun 19, 2011 @ 12:32:09

    I got an email from someone else first before writerspace. Like everyone else it took a long time changing everything.


  21. anika
    Jun 19, 2011 @ 13:54:19

    The really annoying thing about Writerspace is that they have been keeping emails/passwords of people who have unsubscribed from their services. So even though you’ve left, now because you used their service years ago (and told them to remove you) you have to go and change everything.

    Because of them and the hassle I went through to get off their mailing list I have become very cautious about what I sign up for on the net.


  22. Silke
    Jun 20, 2011 @ 14:00:34

    Anika, the same thing happened to me.
    I was never able to log into Writerspace and only signed up some years ago for some chat they were having.
    Now I’ve basically lost that email address completely. It’s defunct now, because once it’s out there, even if you haven’t used it for any logins anywhere, the first people who will download that file are the spammers.
    I turned boxtrapper on for the first time in ages on that email account, and yep, the spam is starting to flood in.

    For those of you who want to keep a record of what you use login and site wise — try Roboform (roboform.com), but for God’s sake use the desktop or the USB version, not the one that syncs back to their server. Yes, you need a master password to get at the stuff, but seriously, if their server gets hacked, then we’re really in deep sheep.
    I’m sticking to the USB version.
