Attacker who stole data from 92 charities had a valid password from their shared service provider
The hacker who stole personal information from donors at 92 charities entered the system with an employee password from Convio, the database services provider that all the charities shared.
According to an Associated Press report, a spokesman from Convio confirmed that the attacker had gained access to names and email addresses of the charities by accessing their databases using a Convio password.
No Social Security numbers or bank account information was stolen, the spokesman said. The charities have been notified, but so far, the Red Cross is the only one that has been named. The company still isn't sure how much data was stolen.
A Red Cross spokeswoman confirmed that roughly 278,000 email addresses and a smaller number of passwords were taken from a Red Cross blood drive Website that ran on Convio's software. She said the Red Cross notified affected users November 14.
Convio, which has filed papers to prepare for an initial public offering, has 1,200 clients, according to the report. Only clients using a program called GetActive, which Convio acquired in March, were affected by the attack, the spokesman said.
— Tim Wilson, Site Editor, Dark Reading
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024