By Nate Hoffelder
We’ve been contacted by a couple of our readers who have, unfortunately, had their Createspace accounts hacked, and we felt this was something you all needed to be aware of. We are pleased to provide this guest post by Nate Hoffelder on the topic. If you have a Createspace account, you will definitely want to read this.
Authors who have an account on Createspace should go change their passwords immediately — and while they’re at it, they should also double check their payment details.
Reports of Hacking
This story has for the most part been ignored by the press, but starting some time in March or April 2018, hackers began to target author accounts on Createspace.
I have read multiple independent reports in several closed Facebook groups, Reddit, and on Kbaords dated in April, June, July, August, and as late as the first week of November from authors who say that someone hacked their CS account.
Many of the reports sound like this:
I woke up this morning to read this email:
“This is an automated message confirming that royalty payment information has been updated in your CreateSpace account. If you did not make any changes to this information, please use the Contact Support feature in your account to reach our Customer Service team.”
I thought it was a random email that was a mistake. But it wasn’t. I called Createspace and indeed, someone had hijacked my account and deleted my payment information and substituted their Name and direct deposit information. I am due to get paid in about a week, so I am thankful they did not receive any of my payments before I caught it.
I’ve had to change my email, password and update payment info again.
It is not clear at this time how the hackers are gaining access. At least one author said they used a complex and unique password on their Createspace account, and yet they were still hacked. All we know right now is that Createspace accounts are still getting hacked, and for that reason I strongly urge that authors change their password on their Createspace account double check their payment details.
While it is true that Createspace automatically sends out emails when payment details are changed, you do not want to take the chance that the email they sent you got lost.
Go change your password today, and make sure it is both long enough that it’s hard to guess and simple enough that it is easy to remember. XKCD has comic that explains why.
Amazon was contacted before this post was published, but did not respond.
Nate Hoffelder has been building and running WordPress sites since 2010. He blogs about indie publishing and helps authors connect with readers by customizing websites to suit each author’s voice. You may have heard of his site, The Digital Reader, mentioned on podcasts such as The Creative Penn, Wordslinger, or Sell More Books Show. In his spare time, he fosters dogs for A Forever Home, a local rescue group.