Hackers Are Targeting Createspace Author Accounts

by | Nov 12, 2018

By Nate Hoffelder

We’ve been contacted by a couple of our readers who have, unfortunately, had their Createspace accounts hacked, and we felt this was something you all needed to be aware of. We are pleased to provide this guest post by Nate Hoffelder on the topic. If you have a Createspace account, you will definitely want to read this.


Authors who have an account on Createspace should go change their passwords immediately — and while they’re at it, they should also double check their payment details.

Reports of Hacking

This story has for the most part been ignored by the press, but starting some time in March or April 2018, hackers began to target author accounts on Createspace.

I have read multiple independent reports in several closed Facebook groups, Reddit, and on Kbaords dated in April, June, July, August, and as late as the first week of November from authors who say that someone hacked their CS account.

Many of the reports sound like this:

I woke up this morning to read this email:

“This is an automated message confirming that royalty payment information has been updated in your CreateSpace account. If you did not make any changes to this information, please use the Contact Support feature in your account to reach our Customer Service team.”

I thought it was a random email that was a mistake. But it wasn’t. I called Createspace and indeed, someone had hijacked my account and deleted my payment information and substituted their Name and direct deposit information. I am due to get paid in about a week, so I am thankful they did not receive any of my payments before I caught it.

I’ve had to change my email, password and update payment info again.

It is not clear at this time how the hackers are gaining access. At least one author said they used a complex and unique password on their Createspace account, and yet they were still hacked. All we know right now is that Createspace accounts are still getting hacked, and for that reason I strongly urge that authors change their password on their Createspace account double check their payment details.

While it is true that Createspace automatically sends out emails when payment details are changed, you do not want to take the chance that the email they sent you got lost.

Take Action

Go change your password today, and make sure it is both long enough that it’s hard to guess and simple enough that it is easy to remember. XKCD has comic that explains why.

Amazon was contacted before this post was published, but did not respond.

WordPressNate Hoffelder has been building and running WordPress sites since 2010. He blogs about indie publishing and helps authors connect with readers by customizing websites to suit each author’s voice. You may have heard of his site, The Digital Reader, mentioned on podcasts such as The Creative Penn, Wordslinger, or Sell More Books Show. In his spare time, he fosters dogs for A Forever Home, a local rescue group.
 
Photo: BigStockPhoto

tbd advanced publishing starter kit

12 Comments

  1. Rashel Ahmed

    OMG. What a news… It’s really surprising news. Thank you so much.

    Reply
  2. David Mignery

    Book pirates have hijacked PDF files of my books (and many others) and are selling them on line. In my case, the only way they could have gotten these files is from Createspace or KDP.
    Neither of them seem very concerned.

    Reply
    • Nate

      Are you sure they actually have the file?

      The reason I ask is that most of the time those sites claim to have a PDf but are actually running a phishing scam on their “customers”. The sites are using the appearance of having your ebook as bait so they can get someone’s credit card, which can then be sold online.

      Reply
  3. Jill Engledow

    I have a different problem: I found my book cover and back-cover copy on a website I’d never heard of, for sale about $1.50 more than the CreateSpace price. How did it get there? The site (jet.com) says they “trust” their sellers and protect them, so won’t give me contact info for the seller and don’t see to care that this is unethical. I confess, I make so little on that book that I haven’t pushed hard enough to get to the bottom of it, but I think I’ll contact CreateSpace now.

    Reply
  4. Amber Polo

    I’m confused. I thought all the payments are now being made through KDP since print books are moved from Create Space.

    Reply
    • Bill Peschel

      When I checked my account on CreateSpace, it still had $1.30 in it. I can only hope they’ll pay me later this month.

      I think that there’s also people with books still in CreateSpace that haven’t moved them over yet.

      Reply
    • Nate

      This surprised me too, Amber. But I guess Amazon still hasn’t moved everyone over to KDP print, and accounts are still being hacked.

      Reply
    • Nate

      Welcome!

      Reply
  5. Bill Peschel

    It didn’t occur to me until I went over there to change the information, but here’s what you can also do while you’re at CreateSpace:

    Remove your credit card information. If you’re books are not there, you won’t be ordering any more books, so why leave the information there? Deleting it is easy.
    I went online to a strong random password generator and found a 16-letter combination.
    I double-checked the banking information, as you recommended.
    Best of all, I downloaded all the reports of payments and sales. I don’t know if I’ll need them, but it did tell me how many of each book they sold and how much I was paid for them. Once they take the site online, it’s gone!

    Reply
    • Nate

      Great advice, Bill!

      Reply
  6. Michael W. Perry

    Quote: It is not clear at this time how the hackers are gaining access. At least one author said they used a complex and unique password on their Createspace account, and yet they were still hacked.

    That is disturbing. Mostly likely, there’s a Createspace insider leaking these passwords or Createspace staff are so ill-trained they fall for social engineering hacks.

    “Social engineering is the art of getting people to give you the information you are seeking, rather than breaking into a system to get it. Among the most sought after bits of information is the username and password.”

    https://null-byte.wonderhowto.com/how-to/hack-like-pro-ultimate-social-engineering-hack-0150355/

    As that article suggests, it is also possible that the person mentioned used that difficult password at multiple sites. That’s why it is a good idea to use apps that make it easier to have a separate password for every website you use.

    Reply

Trackbacks/Pingbacks

  1. Never Able to Catch Gail Carriger at Events? Check out this video of her Panel on the Paarasolverse at Teslacon! - Gail Carriger - Gail Carriger - […] Hackers Are Targeting Createspace Author Accounts […]
  2. Episode 242 – KDP Reports, Pay to Play, and Help From Your Friends | Sell More Books Show - […] News #5: What a Hack News #4: Many Happy Returns News #3: Report Reboot (1) News #3: Report Reboot…
  3. Publicity Tips--Why I Love Email Interviews | The Publicity Hound's Tips of the Week - […] do: Read his short article “Hackers Are Targeting Createspace Author Accounts.” Then change your password and check your payment…
  4. Nieuws uit de uitgeefwereld: 11 nov. t/m 17 nov. 2018 | Maria Staal - […] van The Book Designer, schreef na aanleiding van berichten van gebruikers een artikel over het hacken van Createspace accounts.…
  5. Top Picks Thursday! For Writers & Readers 11-15-2018 | The Author Chronicles - […] If you have a CreateSpace account, beware. Nate Hoffelder tells us hackers are targeting CreateSpace author accounts to siphon…
  6. Morning Coffee – 14 November 2018 - came939棋牌官方 - […] Hackers are still targeting author accounts on Createspace. […]
  7. Hackers Are Targeting Createspace Author Accounts – Written By Nate Hoffelder On The Book Designer Blog – Writer's Treasure Chest - […] https://www.thebookdesigner.com/2018/11/hackers-are-targeting-createspace-author-accounts/ […]

Submit a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.