Self-publishing platform recently sent out an announcement to its authors containing the CEO’s year-ahead predictions, but if you didn’t pause to open that and read it, you might have missed the second item…and it’s pretty important.
First, if you’re one of the authors who pulled their books out of other retailers’ platforms to enroll in KDP Select, you might have forgotten you even have a Smashwords account. That doesn’t bode well for your security, since there’s a statistical likelihood that you also used a weak password or re-used existing login credentials on other more sensitive accounts.
According to the email, “The security team here at Smashwords has detected multiple attempts by cybercriminals attempting to log in to Smashwords author accounts using stolen email/password combinations…To date, we’re aware of two authors who were victimized, which in our minds are two too many! Working with our payments partner PayPal we managed to recover the funds for one author earlier today and will continue pressing them to do the same for the other.”
As it stands, anyone attempting to log into your Smashwords account is actually headed to your PayPal account. Authors are urged to log in, check their payment dashboard to ensure that everything is correct, and report anything unusual to Smashwords. While you’re there, change that password, and make sure that if you’ve used it on other sites, you change it in those places as well.
“To be clear, Smashwords has not been hacked. We’re sharing this alert with you out of an abundance of caution. We care about your security and we want you to take these simple steps to protect your account.”