Thousands of user IDs stolen in Red Cross blood drive hack

By Tim Conneally, BetaNews

November 28, 2007, 5:11 PM

Over a two-week period, more than 278,000 e-mail addresses of Red Cross workers were swiped by a malicious user who found a back door into a certain brand of non-profit fundraising software.

Convio Inc., an Austin, Texas-based software company that exclusively serves the needs of non-profit groups, admitted today that its GetActive software had been hacked and user data from 92 groups were stolen between October 23 and November 1.

Apparently, an unauthorized user accessed the Red Cross database with a stolen employee password. Fortunately, no Social Security numbers or bank account information was stolen, but the Red Cross confirmed that 278,000 of its e-mail addresses and an unspecified smaller number of passwords were pilfered.

The Red Cross was running a blood drive site on Convio's GetActive software platform.

Convio serves some of the largest American non-profit organizations with its online fundraising, advocacy, and e-mail marketing software. Some notable clients include Children's Cancer Research Fund, Easter Seals, and Paralyzed Veterans of America.


Update, 6:30 pm EST November 29, 2007 - A spokesperson for Convio, which manufactures the software at issue, contacted BetaNews this afternoon to say that the e-mail IDs swiped from the Red Cross database belonged to newsletter subscribers, not Red Cross employees.

"The intruder hacked into the Convio system electronically and from a distance," wrote corporate communications director Tad Druart, "after electronically compromising the password of a Convio employee...We also notified our clients in less than 48 hours after identifying and shutting down the breach on November 1, 2007."

5 Comments

By Hall9000

posted Nov 29, 2007 - 9:44 PM

"a malicious user"

Also known as Dracula. Crime solved.

Score: 0

By M^3

posted Nov 29, 2007 - 4:51 PM

Wow, let's blame the software for the stolen password, that makes sense. I have never used the software mentioned in the article, but pretty much any software on any platform is "vulnerable" to this type of "attack". 'Apparently, an unauthorized user accessed the Red Cross database with a stolen employee password.' I suppose if that password was a hardcoded programmer backdoor, as was unclearly implied above, then it is a vulnerability in the software. I am just not sure if that was what the article was saying.

Score: 0

By Michael.Hatamoto

posted Nov 29, 2007 - 3:58 PM

Uh Oh! I always cringe when I read about a non-profit organization getting hacked or having a hard drive or notebook stolen! :( Since no SSN or bank information was taken, a bit of spam is much better than a stolen identity.

Score: 0

By Program86

posted Nov 29, 2007 - 10:09 AM

And this is a surprise? Win2003Server can be hacked by anyone with a brain and some ambition.

Score: 0

By morriscox

posted Nov 28, 2007 - 10:48 PM

Convio also serves TechSoup, which provides very low-cost software to non-profits (like SBS 2003 Premium for $60). I received an email from TechSoup telling me about the situation and that email addresses for the mailing lists (and the passwords used to manage them) were stolen. http://blog.techsoup.org/node/188

Score: 0