BreachExchange mailing list archives
fringe: Hacker Breaches Marketing Software Maker
From: security curmudgeon <jericho () attrition org>
Date: Fri, 30 Nov 2007 22:12:16 +0000 (UTC)
So far, there is no proof or evidence that PII was compromised. However, some of the articles and quotes from Convio are suspicious to me. ".. had to do with passwords and e-mail addresses and not anything more severe". When you log in to the site as one of the clients, it seems odd that the page would not show a little more information about the account, be it a name, login ID or something.

- jericho

---------- Forwarded message ----------
From: Joel Baumgartner <beautiful.scarredme () yahoo com>

AUSTIN (AP) -- A marketing software company serving nonprofits across the country including The American Red Cross said Tuesday that a hacker stole e-mail addresses and password information from its clients' databases.

Tad Druart, a spokesman for Austin-based Convio Inc., said the company has notified federal authorities of a data breach between Oct. 23 and Nov. 1. The hacker used an employee's password to get at the data, Druart said.

No Social Security numbers or bank account information was stolen, Druart said. He said the company immediately notified the 92 companies affected, though he would not name them, and it wasn't known how much information was compromised.

Red Cross spokeswoman Stephanie Millian confirmed that roughly 278,000 e-mail addresses and a smaller number of passwords were taken from a Red Cross blood drive Web site that ran on Convio's software. She said the Red Cross notified affected users Nov. 14.

"We were fortunate in that this had to do with passwords and e-mail addresses and not anything more severe," Millian said.

Convio, which has filed papers to prepare for an initial public offering, has 1,200 clients. Only clients using a program called GetActive, which Convio acquired in March, were affected by the hacker, Druart said. It was the first time the company's online security has been compromised, he added.

Convio said it continues to investigate the breach and has hired outside security experts and taken other measures to prevent future attacks.

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss