Techsoup affected by Convio security breach, too | Non-Profit Tech Blog

Convio, Security, nptech

Techsoup affected by Convio security breach, too

11.20.07 | Comments

Oh well. I’m screwed or rather my old organization is. I doubt they’ll be reading that post but now it’s time to tell them. UPDATE (Thanksgiving 2007): And of course I can’t tell them because they sent out the notice the night before a holiday only adding to the exposure — GAHHHH! I found out from Beth Kanter. She got the e-mail. I didn’t because I don’t have access to my old Techsoup account. Of course, I’m not sure if my old org has it either. I know for a fact their systems aren’t compromised though since I never used administrator account passwords on the Web. Can I say again that e-mail notification is a pretty weak attempt at notification?

Techsoup is actually the first nonprofit I know of besides Working Assets to put the notice up on their site. Too bad it’s weeks too late for it. I find it hard to imagine that a technology organization can be caught in the headlights for that long but apparently so. Shame, Techsoup, shame. All of Techsoup’s users (of which I’m one) were left mighty high and dry.

Hat tip to Beth for the warning.

How relevant was this post to you?
Why did you post this???

Why did you post this???

I do not think this was necessary.

Not bad. I will save for later.

I really needed to read this!

This bit of knowledge will make me look good.

(No Ratings Yet)

Loading ...

Comments

MyAvatars 0.2

On 11.20.07 Beth Kanter said:

Wow, you posted this fast .. .I hadn’t ever blogged it yet
http://beth.typepad.com/beths_blog/2007/11/security-update.html

MyAvatars 0.2

On 11.21.07 Allan Benamer said:

Yeah, it’s called typing at near-freakout speeds. Sigh.

MyAvatars 0.2

On 11.21.07 Beth Kanter said:

I left a question on the forum about the netsquared list … boy, I hope the instance of credit fraud that just happened to me isn’t due to this … although my bank told me it might had more to do with buying gas with credit card. I guess if we want to stay in the loop on the conversation about this, we should go over to the forum at TechSoup ..

MyAvatars 0.2

On 11.21.07 Allan Benamer said:

Well this is good news…

“Please note that these passwords are only for the Convio system, meaning that they only control your email newsletter preferences. No passwords relating to your log in at TechSoup or TechSoup Stock were stolen. Also, no financial information was stolen. “

MyAvatars 0.2

On 11.26.07 Matthew Palmer said:

As an employee of TechSoup, I wanted to respond to the discussion of the security breach at Convio because our members’ information was among the data that was illegally accessed.

Just hours after learning from Convio that TechSoup was one of the 92 nonprofits whose information was stolen, we notified affected members rather than waiting until after Thanksgiving. We took the further step of notifying all TechSoup email subscribers and posting messages on our website to let nonprofits know we are working closely with Convio and that we take this incident very seriously.

I appreciate your efforts to help us spread the word about the break-in at Convio and its impact for TechSoup’s members.

Sincerely,
Matthew Palmer
TechSoup

MyAvatars 0.2

On 11.28.07 Allan Benamer said:

Hey Matt, this is a little late to reply but can you tell us why Techsoup took so long to send out the notification? Convio sent it out in early November. The way I see it, Techsoup took more than two weeks to send that notification to its members. Am I missing something here?

MyAvatars 0.2

On 11.30.07 Matthew Palmer said:

Hi Allan,

Sure, I’d be glad to address that. TechSoup learned from Convio on Monday, November 19th that we were one of their customers affected by the breach. That same day we issued an email to all of our email newsletter subscribers who had passwords on file with Convio alerting them that their email address and password were potentially compromised and recommending they change their passwords on any other sites that use that email address to log in.

TechSoup has also taken additional steps to notify our subscribers including communicating via email with all newsletter subscribers (including those without Convio passwords), sending a reminder email to subscribers with passwords, posting notices and an FAQ on our website, and answer customer questions by phone and email. Convio has helped us answer questions from TechSoup members with their Security Hotline, which has been available since TechSoup first announced the breach.

Sincerely,
Matt

speak up

Add your comment below, or trackback from your own site.

Subscribe to these comments.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Search Only Non-profit Links

Click here to add nonprofit search to your browser! Want to add your links to the search engine? Be a MANSEO contributor!

Recent Comments

What I'm Doing...
- #fisherplazafire causing a lot of concern among lefty and nonprofit website 22 hrs ago
- @wharman #pdf09 no problem it was fun liveblogging the conference to a bunch of nonprofit people -- they need to get out more ;) in reply to wharman 2 days ago
- @Michael_Hoffman http://thediscust.com/?page_id=2 in reply to Michael_Hoffman 2 days ago
- @empowerthepoor @danberger hey it looks like twitchuck is perfect as a secondary filter to figure out which nonspammer account to follow in reply to empowerthepoor 3 days ago
- @empowerthepoor thanks I'll try that out! wish there was a web version and not so FF specific (I'm a Chrome user) but I'll try anything in reply to empowerthepoor 3 days ago
- More updates...
Powered by Twitter Tools.
Twitter

Follow me at Twitter!
Friendfeed

Follow me at Friendfeed!
Publicly-traded nonprofit CRM vendors

<a href="http://finance.yahoo.com">Yahoo! Finance</a><br/><a href="http://finance.yahoo.com/q?s=BLKB">Quote for BLKB</a>

Most Commented Posts

Feedburner says we have…
Google Friend Connect
Blog Network:
Name:
Non-Profit Tech Blog
Topics:
nptech, nonprofits, technology
Join my network
Blog Networks