TechSoup.org

TechSoup Delivered

New articles, discussions, offers. Weekly.
(View sample)


Additions to the TechSoup Stock catalog. Monthly.
(View sample)


RSS Feed

Be notified of new articles as soon as we publish them.

Blog Search

Other TechSoup Blogs:

Donated Products

TechSoup Stock Logo

TechSoup Stock connects nonprofits and public libraries with donated and discounted technology products. Choose from over 240 products from companies such as Microsoft, Adobe, and Symantec. Visit TechSoup Stock.

Blog RSS Feed

Syndicate content Subscribe to Our RSS Feed to have blog posts sent directly to your Web site or inbox.

Security Breach FAQ - Updated

Wed, 11/28/2007 - 2:10pm — Willow Cook

Last Monday, November 19, TechSoup learned that it was one of the organizations affected by the Convio/GetActive break-in, in which hackers stole email addresses and passwords of subscribers to various nonprofit newsletters.

Within a matter of hours, TechSoup contacted the 3,000 subscribers whose passwords may have been stolen. We also took the further step of sending out a general email advising all subscribers of the problem and cautioning them to be on the lookout for emails that appeared to come from TechSoup requesting personal or financial information. TechSoup has also posted notices on its site alerting visitors of the security breach.

The news has naturally generated concern among our subscribers. Below are answers to some frequently asked questions about the security breach. If you have additional questions, please feel free to post them to our forums, where they will be promptly answered by a TechSoup representative.

1. Who exactly was affected by the breach?

TechSoup, along with 91 other clients of Convio, had information from some of its email newsletter subscribers stolen by hackers who broke into Convio’s systems. While the vast majority were unaffected, some TechSoup members may have had their email addresses and/or passwords used to manage their email subscriptions stolen. There was no loss of credit card numbers, financial information, or postal addresses, in this incident.

2. What is TechSoup’s relationship to Convio?

Convio’s subsidiary, GetActive Software, is the vendor that TechSoup uses to deliver email newsletters and mass communications. TechSoup does not use Convio’s services for donations or fundraising.

3. Was my TechSoup account affected?

No, usernames and passwords that you use on the TechSoup or TechSoup Stock Web sites for you or your organization were not compromised; only email addresses and passwords used to manage email subscriptions through Convio were affected.

4. Were any credit card numbers stolen?

No, there was no breach of credit card information. TechSoup does not provide this information to Convio; nor do we store your credit card information in our own systems.

5. How can I tell if I was one of the users who had a password for email newsletters?

For TechSoup email subscribers, only a small percentage of the Convio accounts had a password. If you can't remember if you created a password when you signed up for TechSoup's email newsletters, please refer back to the email you received from TechSoup. Here's what to look for:

  • If your account had a password, the email you received from TechSoup will have included the sentence "Convio's records indicate that your account did have a password" in the second paragraph.
  • However, if your account did not have a password, the email from TechSoup said "You have already been contacted in a separate email from TechSoup if you had a Convio password that may have been stolen" in the second paragraph.

Email addresses that were subscribed to TechSoup's newsletters received one of these two emails, but not both.

6. What steps has TechSoup taken to protect me?

TechSoup has contacted the small percentage of its members that, based on Convio’s records, had a password set to manage their email subscriptions. We have also posted notices on our Web site and blog, and continue to work closely with Convio to respond to this incident.

TechSoup recommends that if you use the email address and password on any other accounts (for example, banking, PayPal, Amazon, Web-based email, etc.), you change your password on those accounts. All email subscribers should pay careful attention to “phishing” emails you may receive requesting personal and financial information, even if it appears to be from TechSoup.

If you have any additional questions, you may also visit Convio's site, http://www.convio.com/onlinesecurity, or contact Convio's Security Hotline at 1-800-501-8193.

You may also contact TechSoup's Customer Service team at customerservice@techsoup.org or 1-800-659-3579, extension 700. TechSoup Stock Customer Service is available Monday-Friday, from 8 a.m. to 5 p.m. Pacific time.

..........................................................

Discuss This in Our Forums

Concerned about the recent Convio hacking? Share your questions in this TechSoup/TechSoup Stock Help forum discussion.

TrackBack: http://blog.techsoup.org/trackback/195
  • Delicious
  • Digg
  • Reddit
  • Magnoliacom
  • Newsvine
  • Furl
  • Facebook
  • Google
  • Yahoo
  • Technorati

TechSoup Blog

http://www.techsoup.org/learningcenter/index.cfm

Copyright ©2001-2007, CompuMentor. All Rights Reserved.