OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] fringe: Hacker Breaches Marketing Software Maker

From: security curmudgeon (jerichoattrition.org)
Date: Fri Nov 30 2007 - 16:12:16 CST


So far, there is no proof or evidence that PII was compromised. However,
some of the articles and quotes from Convio are suspicious to me. ".. had
to do with passwords and e-mail addresses and not anything more severe".
When you log in to the site as one of the clients, it seems odd that the
page would not show a little more information about the account, be it a
name, login ID or something. - jericho

---------- Forwarded message ----------
From: Joel Baumgartner <beautiful.scarredmeyahoo.com>

  AUSTIN (AP) -- A marketing software company serving nonprofits across the
country including The American Red Cross said Tuesday that a hacker stole
e-mail addresses and password information from its clients' databases.
  Tad Druart, a spokesman for Austin-based Convio Inc., said the company
has notified federal authorities of a data breach between Oct. 23 and Nov.
1. The hacker used an employee's password to get at the data, Druart said.
  No Social Security numbers or bank account information was stolen, Druart
said. He said the company immediately notified the 92 companies affected,
though he would not name them, and it wasn't known how much information
was compromised.
  Red Cross spokeswoman Stephanie Millian confirmed that roughly 278,000
e-mail addresses and a smaller number of passwords were taken from a Red
Cross blood drive Web site that ran on Convio's software. She said the Red
Cross notified affected users Nov. 14.
  "We were fortunate in that this had to do with passwords and e-mail
addresses and not anything more severe," Millian said.
  Convio, which has filed papers to prepare for an initial public offering,
has 1,200 clients. Only clients using a program called GetActive, which
Convio acquired in March, were affected by the hacker, Druart said. It was
the first time the company's online security has been compromised, he
added.
  Convio said it continues to investigate the breach and has hired outside
security experts and taken other measures to prevent future attacks.
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml