BreachExchange mailing list archives

Fwd: Important information about a security breach at Ravelry.com (fwd)


From: security curmudgeon <jericho () attrition org>
Date: Mon, 6 Jun 2011 21:51:12 -0500 (CDT)


---------- Forwarded message ----------
From: "Ravelry" <contact-us () ravelry com>
Date: Jun 6, 2011 2:41 AM
Subject: Important information about a security breach at Ravelry.com
To:

(Wondering if this email is real? You can also see a similar notice by logging in to Ravelry.com)

*Important Information about a Ravelry Security Breach*

  Dear Ravelry member,

An attacker recently managed to break in to one of Ravelry's secondary 
servers. Once inside, they were able to access user names, 
*encrypted* passwords, and possibly email addresses. Your passwords could 
not be seen and no financial or other sensitive information was accessed 
as we do not collect or store this type of data.

We think that it is important to be overly cautious and we need you to 
change your password on Ravelry and on any other sites where you've used 
the same or similar password, even if you used different usernames. 
Because passwords were encrypted, we do not think that your password has 
been exposed but it is important to change your passwords just to be safe. 
There is a chance that some passwords could be decrypted given enough time 
and computer power and we don't want to put anyone at risk.

You can change your password by logging into Ravelry 
(http://www.ravelry.com) and clicking the "change your password now" 
button on the security notice on the front page.  You can also change your 
password by editing your profile: click your username in the upper right 
of the page to access your profile, and click "edit your profile" to 
change your password.  If you do not remember your Ravelry password, and 
you have tried any passwords you may use on other sites, you can click "I 
forgot" on the Ravelry homepage to receive a link for changing your 
password.  If your browser is remembering your password, you will need to 
log out to access that option.

*If you would like to delete your Ravelry account,* you do that by going 
to the change password page mentioned above and using the "Delete my 
Ravelry account" link.

*More information regarding the security breach,* including the steps we 
are taking to make Ravelry more secure, can be found in our full notice at 
http://www.ravelry.com/?showletter=1.  Additionally, we are listing 
answers to Frequently Asked Questions and fielding further questions in 
our forums <http://www.ravelry.com/discuss/for-the-love-of-ravelry/1688283>. 
You are also welcome to reply to this message if you have any questions or 
concerns.

We are deeply sorry that this has happened. We care very much about 
everyone on Ravelry and we're taking steps to make sure that we are all 
more safe from this sort of attack.

We are also very sorry that some people who are not active members may 
have been affected. If you'd like to delete your Ravelry account, please 
use the information above to do so.


Casey, Jess, Mary-Heather and Sarah




(photo of our dog Bob after being sprayed by a skunk in 2009)


_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
