I need to add nothing to scout's post apart from one rebuttal to one of your points: Out of the 5 vendors that had their accounts compromised in the same week as you, 1 of them admitted that they definitely entered their details into a phishing site, and another admitted that it was 'highly likely' that they entered their details into a phishing site. That leaves 3 vendors, all of whom are relatively new and seemingly inexperienced, who swear there's no chance they allowed their information to be compromised and that "SR fucked up". No large / experienced vendors were compromised over the two weeks that we see people getting phished, apart from albionessentialols - and funnily enough, he readily admitted that he was phished and accidentally gave his credentials away by logging in at the incorrect URL. If "SR fucked up" then everyone's accounts would have been compromised; as you can plainly see, that is not the case. Please take some responsibility for your inadequate security measures. Libertas