[Dataloss] TR: [funsec] Attackers Snatch Member Data from 92 NonprofitOrganizations

HINDERER Vincent vhinderer at lexsi.com
Tue Nov 13 17:52:54 UTC 2007



-----Message d'origine-----
De : funsec-bounces at linuxbox.org [mailto:funsec-bounces at linuxbox.org] De la part de Paul Ferguson
Envoyé : mardi 13 novembre 2007 01:55
À : funsec at linuxbox.org
Objet : [funsec] Attackers Snatch Member Data from 92 NonprofitOrganizations

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via eWeek.

[snip]

Attackers have stolen passwords and accounts from 92 nonprofits by
infiltrating systems at Convio, the leading online marketing company for
nonprofits.

Affected nonprofit organizations include the American Museum of Natural
History, Working Assets, CARE and Free Press.

According to a letter sent by Convio to one of the affected organizations,
the e-mail addresses and member passwords were downloaded without
authorization from 92 GetActive clients between Oct. 23 and Nov. 1.
GetActive is an application that Convio acquired with the nonprofit eCRM
software company, also named GetActive, in February.

The attacker or attackers had prepared to steal the same information from
another 62 GetActive clients, but the attempt was foiled when Convio
discovered the breach late in the day on Nov. 1.

[snip]

More:
http://www.eweek.com/article2/0,1759,2215792,00.asp

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHOPXsq1pz9mNUZTMRAgJMAKC/6IZze14UT8Bjq5QoT8e2A7z2fACgjB8R
wKrSAKJ0Fx9n5sy/vT/TkBM=
=ZS5z
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



More information about the Dataloss mailing list