Tuts+ Premium Back Live and Patched

 61   Tweet

Note: This post hasn't been updated in over 2 years.

After this week’s security breach and account compromise on Tuts+ Premium, we have now completed patching the service to no longer store passwords in cleartext. We’ve brought the system back online and are monitoring it closely.

If you notice anything odd about the Tuts+ Premium site or service, or have any problems with your account, please contact Support to let us know. We’re watching closely to make sure everything is working as it should, that the security of the site is intact and that members are inconvenienced as little as possible from here on in.

Catching up on 3 days of records

With the system down for three days, we’re slowly catching up on PayPal and Moneybookers payment notifications. This may take a little while for them all to be resent and captured by the system. If your monthly payment was paid in the last few days and you experience any problems logging in, please contact Support.

Refunds and Member Access

With the site now back up and running, we’re pulling together the records for payment of refunds and then next after that is sorting out free member access.

Trouble Receiving Password Resets

If you are having trouble receiving the password reset email: first check your spam folder for emails from support@tutsplus.com. If you still have not received your password reset email, please contact Support.

  • Pingback: Tuts+ Premium Account Security Compromised | Envato Notes()

  • Pingback: Update on Tuts+ Premium Security Breach | Envato Notes()

  • http://heptathemes.com Lucas del Rio

    Great you are back!

  • Tobias Aberg

    Glad you’re back! Good luck with the remaining parts of this mess :)

  • http://www.junwatu.com Eq

    Great! tuts+ is back online! but i still have problem with login though. I’m not received e-mail for directions on how to change my password. is anyone have this issue ?

    • Oystein

      I’m also having trouble with the reset-password mail. I have submitted both username and e-mail, but I still havent got any mail to reset my password.

    • http://iamcollis.tumblr.com Collis Ta’eed

      Hey Eq, we’ve just switched the Forgot password email down to a plaintext one in case the HTML was more likely to get caught in a spam filter.

      The devs are double checking but emails seem to be sending OK and we’ve managed quite a few reset passwords so far, so might also be worth checking spam folder/filter?

    • http://www.junwatu.com Eq

      Yes! reset-password email in my inbox. Now i can login again to tuts+!. Thanks Collis.

    • SpillnerDesign

      Same here – I am not getting a reset password mail.

  • Matthew Killington

    I have the login issue as well I sent support a ticket just waiting for a reply

    • http://iamcollis.tumblr.com Collis Ta’eed

      Hey Matt, as I mentioned above, we’ve switched to a plaintext email in case the other one was getting caught. Can you check your spam filters and maybe try having it sent again?

    • Matthew Killington

      I have looked in spam etc and tryed 10ish times still nothing

    • Matthew Killington

      Hey Collis Ta’eed, If i submit a ticket with the paypay ID to prove I paid for tuts plus (2days before it went down) in a support ticket and submit the ID here will you take a look at it please as I did a password reset a few hours ago and still nothing and tried just now.

  • Blake

    Glad you’re back online!

  • srikanth

    Site is very fast and working good like before. Any news about the extra 2 months premium?

  • Micha

    Hopefully it’s just the crowded mail-queue slowing everything down as the email hasn’t arrived here yet (I already checked spam-filter/-folder)…

    • Tobias Aberg

      I changed my email after the password reset and the confirmation took some time to arrive but it did so you’re probably right.

  • http://codecanyon.net/user/dtbaker dtbaker

    Woo back online! Good job.

  • Gabor

    Thanx for everything! I’m so happy you are back! The password reset was smooth, I received your confirmation letter in a second. So I’m going to take the plunge into the courses again. :-)

  • http://philmorrow.co.uk Phil Morrow

    Great stuff, good job guys :)

    Just reset my password though and I have to admit I was surprised to see you’re still using Amember. After all this, you still want to use them?

    • Michael

      Collis real concern isn’t weather your information stored in cleartext or not nor what system he uses. His only concern is your money, the quicker he’s back online the quicker he can take your money.

      Like it or not that’s the facts. He knew about this issue long ago and did nothing to fix it. It wasn’t until sh*t hit the fan did it force him to act upon it.

      Though I’m sure a change moving away from amember “is in the pipeline”.

    • http://iamcollis.tumblr.com Collis Ta’eed

      Hey Phil,

      Unfortunately the project to replace aMember is still going, it’s going to take a while. In the few days since the incident our only real choice has been to roll out a steady stream of patches for aMember’s issues. I hadn’t expected it was actually as possible as it’s turned out to be I must say. But I’m glad at least we could fix it.

      After this, it’s back to replacing aMember completely – cannot wait!!

    • http://www.junwatu.com Eq

      with refund and 2 month free of access? hmm…i think there are another reasons why envato still using it which i’m sure we are all want to know why ?

    • http://philmorrow.co.uk Phil Morrow

      Thanks for the response Collis.

      Michael – Surely you mean; “The quicker he’s back online, the quicker he can give me my money back and then give me a free service for a couple of months”. ;p

      In my opinion, Collis’ failing here has been in his love of new projects. He can sometimes move too fast for the company, and almost all of his projects tend to be successful and grow fast – making it even harder for the company to grow properly with them. I think it comes from a love of doing exciting things and creating stuff, not some calculated business decision based on profits.

  • http://www.themeforest.net/user/SomniaThemes Timon


    I think you handled the communication with your customer well, alot of companies can learn from this. You’ve learned alot from this situation also I bet. :)

    Good luck.

  • Emre

    Why the hell did you store passwords as cleartext before?

  • http://www.kbphotography.co.za photokirst

    Glad you’re back on line, but i am having the same problem: I ave submitted a password reset request with both my username and email address – no response in inbox or spam.

    Have logged a ticket with support..

    • http://www.kbphotography.co.za photokirst

      Hi Collis

      I haven’t had any feedback in an hour.. I need my account to be back on line by the weekend – please advise?


  • Esteve

    Sorry but I think Collis was sincere, fast to fix an imporant issue and generous (refunds).

    Other services have been down or hacked and none os these explanations and considerations were made.

    Collis, I’m a customer satisfied with your dilligence and information provided, keep working on the best teaching website related resource on the web with very smart people like Jeffrey.

  • Phil Koury

    I paid for a premium membership on 6/21. I didn’t have access before the service went down and I don’t have access now…

    Glad you got the passwords fixed but by the looks of things there are some other issues.

  • http://Nicetohaveyouback dante1

    It`s good to have you back on track, now what do I need to do now as my Ticket ID: 231872 I had the money withdrawn twice from my account to pay for june , I need the second payment to be for july , besides the two months free you promised for august and september, I hope to hear for you soon guys,
    Thanks a lot for you support

  • Fotis

    I was able to reset my password and log in to the system, however, my account seems to have expired cause I use a debit card for the site and didn’t have enough money on the card for my membership to automatically renew.

    Should I renew my membership so that I can get that refund or is there another way.

    Also, my membership expired with only the first failed attempt to charge my card. Surely an email should have been sent informing me that there was a failed charge so that I can have some time to rectify the issue before my account is expired.

  • Dre

    Is learncss.tutsplus.com gone forever? I had a friend that wanted to get started with webdesign and tutsplus and I thought that would be a great first step.

    • Krisicash

      Yeah its down for me too :( and i was on day 16, its great course i hope it isn’t lost forever.

  • Gochoo Gomboo

    Glad you are back. But what about refunds and Free months?

    • Brandon Jones

      It’s mentioned in the post:

      “With the site now back up and running, we’re pulling together the records for payment of refunds and then next after that is sorting out free member access.”


  • http://davemeyerson.com Dave

    Everything works for me as it should, password was reset properly and I’m back in action.

    Collis and all, I realize this was a shitty situation, but you handled it more gracefully than I imagine other sites would have. Cudos for the information, updates and transparency.

    • Brenda Malone


  • Thomas

    Frankly I haven’t seen a paid ‘tut that’s been worth my money for a while. After this I’m dropping my membership.

    Who the F- stores passwords in plain text?!

    You’re supposed to be disseminating best practices and you don’t don’t follow them yourself?

    Maybe the correct response to this it to start featuring tutorials describing best practices in Internet security.

  • Brian Horlings

    I am having issues with the reset your password email. I have tried submitting the form three times and have yet to receive the email.

    I have checked my spam folder also and it is not there.

    Any help would be appreciated. Thanks in advance.

    • Brian Horlings

      On a whim I tried it from Firefox instead of Chrome and I received my email. Looks like it has something to do with what browser the client is running.

  • Rostislav Stoyanov

    When I click on reset password link I see


    You don’t have permission to access /amember/reset_password.php on this server.

  • stephen

    This full thing hasn’t put me off tuts at all but the one thing that is a bit annoying is that the password reset isn’t working for everyone and its not a problem with spam filters or junk folders but that’s the only thing i seem to be seeing as a reply to the problem.

  • thecodingdude

    To be honest, whilst you still use this system, the site is not secure. I think I’ve done enough to prove this system is not secure (I basically found gaping holes in their system).

    Envato, please cut your losses and scrap your system. It’s insecure (even at this very moment, it is /still/ insecure).

  • http://pinoyscreencast.net rnovino

    Glad your Back :) your site is a really big help, more power to the team and keep up the good job

  • Brenda Malone

    I am GOLDEN! Reset password without a hitch! We are so glad you guys are back. Now, here’s what you all need:

    BACK TO WORK IN ABOUT 24 HOURS producing the world’s premiere tutorial and marketplace sites!

  • ddozen

    I still can’t access the courses and tutorials and I subscribed for the monthly membership. this is frustrating me !

  • Rich

    Well I’ve submitted a ticket and am awaiting a reply, hopefully it won’t take forever for me to gain access back to my account.

    I’ve tried numerous times using my email address and also my username and nothing arrives and no it’s not in spam.

    Strange thing is on one of my old accounts (gmail) I had no problems getting the password reset, but when using my hosting providers email that’s where it fails.

  • Rich

    I’ve now received a reply back to my ticket and I’m now back in :)

    Many thanks Collis.

  • gdi2290

    y u no ssl?

  • NotDoneYet

    I completely agree wit hgdi2290. If someone got onto your servers with your database, they are smart enough to see that all of your traffic is still going across in plain text on port 80 via HTTP. You really should use SSL for any sensitive data transmissions on your sites. Cheers!

  • Mario

    Welcome back.

    What happened with what you said that everyone will get 2 months premium account? It seems I didn’t get that.


  • concerned

    I think it would be prudent to offer the free months to the premium members before or whilst sorting out refunds … I think I speak for most people in saying access is more important than the cash we gave up for the same access. Love your tutorials.

  • http://simpletechlife.in praveen

    Looking forward to having the 2 months free access.


  • Anton

    I’m also having trouble with the reset-password mail. I have submitted both username and e-mail, but I still havent got any mail to reset my password.

    I chacked my spam filters. It’s empty…

  • http://www.ben-gibson.co.uk Ben Gibson

    Really shocked of all companies to store passwords in plain text, as an amateur, and reader of tuts, even I am aware of encryption, every single project I have worked on since day one has always used encryption, its pre-school stuff.

    Most annoyingly since the passwords have been reset I have been unable to discover which one of my passwords has been compromised and so I have had to change passwords across every service I have ever used :@.

    Found there has been less and less articles on here anyway so not worth trusting anymore passwords with tuts, time to move on!

  • Hector

    reset my password and what is this two month free access announcement on the last note

  • Shiro

    m also having trouble with the reset-password mail. I have submitted both username and e-mail, but I still havent got any mail to reset my password.
    I chacked my spam filters. It’s empty…

    +1 for me

    • Shiro

      Thanks Brian Horlings,
      It works in Firefox and it is instance!

  • http://www.awebapart.it Paolo

    Glad you’re back guys…but please, the password in plain text! I used to do that, when I started programming 15 years ago, by the time I’d made my first website I’d already found a tutorial which taught me to encrypt them! I’m going to trust you, because your tutorials are amazing, and I now that our job is a tough one, please don’t let me down again!

  • Franky


    Glad you are back, but how long do we have to wait for our support ticket to get answered???