Non-Profit Tech Blog » CI Host http://www.nonprofittechblog.org Confessions of a Non-Profit Executive Director Tue, 20 Dec 2011 19:31:36 +0000 en hourly 1 http://wordpress.org/?v= http://creativecommons.org/licenses/by-nc-nd/3.0/us/ More about the security problems at Convio http://www.nonprofittechblog.org/more-about-the-security-problems-at-convio?utm_source=rss&utm_medium=rss&utm_campaign=more-about-the-security-problems-at-convio http://www.nonprofittechblog.org/more-about-the-security-problems-at-convio#comments Mon, 05 Nov 2007 01:37:23 +0000 Allan Benamer http://www.nonprofittechblog.org/more-about-the-security-problems-at-convio Convio Logo
Working Assets Logo
CI Host Logo

The progressive blogosphere is also reporting issues with Convio mainly through ActForChange which is run by Working Assets:

Dear Subscriber,

We regret to inform you that the company we contract with to provide online services, Convio, has identified a breach of one of their internet security systems. There was no breach of personally-identifiable information or credit card data, but your email address and password for managing your Act For Change and Working For Change subscriptions were obtained by an unauthorized third party.

A user at Daily Kos claiming to be the political director at Working Assets says the following:

unfortunately, this is real. convio was the subject of a malicious hacking attack and some of our members were affected as a result of their security breach.

we take security very, very seriously. please note: the database holding account information related to Working Assets long distance, wireless and credit card accounts was not affected.

Another user claims that Convio’s problems stemmed from a break-in at the hosting provider that Convio uses in Chicago, CI Host:

In the most recent incident, “at least two masked intruders entered the suite after cutting into the reinforced walls with a power saw,” according to a letter C I Host officials sent customers. “During the robbery, C I Host’s night manager was repeatedly tazered and struck with a blunt instrument. After violently attacking the manager, the intruders stole equipment belonging to C I Host and its customers.”

Tad Druart, Convio’s Communications Director, says that the break-in and the Convio security breach are not related to each other. I’m only posting this because a quick DNS lookup on getactive.com shows that ns3.getactive.com is listed at CI Host. If you traceroute to it, you get CI Host as the last stop before the packets fall behind a firewall. That said, I think Convio should probably leave CI Host as a hosting provider as that is apparently the FOURTH break-in in two years at the Chicago location. Can anyone say “inside job”?

]]> http://www.nonprofittechblog.org/more-about-the-security-problems-at-convio/feed 1