Charity Hacker Used Employee Password

Attacker who stole data from 92 charities had a valid password from their shared service provider

Dark Reading Staff, Dark Reading

November 28, 2007

The hacker who stole personal information from donors at 92 charities entered the system with an employee password from Convio, the database services provider that all the charities shared.

According to an Associated Press report, a Convio spokesman confirmed that the attacker had used a Convio password to access the charities' databases and obtain names and email addresses.

No Social Security numbers or bank account information was stolen, the spokesman said. The charities have been notified, but so far, the Red Cross is the only one that has been named. The company still isn't sure how much data was stolen.

A Red Cross spokeswoman confirmed that roughly 278,000 email addresses and a smaller number of passwords were taken from a Red Cross blood drive Website that ran on Convio's software. She said the Red Cross notified affected users November 14.

Convio, which has filed papers to prepare for an initial public offering, has 1,200 clients, according to the report. Only clients using a program called GetActive, which Convio acquired in March, were affected by the attack, the spokesman said.

— Tim Wilson, Site Editor, Dark Reading
