Hacker Swipes E-Mail Passwords From Convio Database
November 29, 2007 by Jimson Lee · Leave a Comment
YET ANOTHER reason to enforce strong passwords in the corporate world.
It amazes me how many companies let employees use weak passwords, or passwords with no expiry.
Below is an excerpt from a prior article at CRMbuyer.com.
Convio, a provider of CRM applications for nonprofit organizations, has announced that e-mail addresses and passwords have been stolen from its clients’ databases. The American Red Cross is among the companies affected by the breach. No bank account information or Social Security numbers, however, appear to have been leaked.
Tad Druart, a spokesperson for Austin, Texas-based Convio, said the company has notified federal authorities of a data breach between Oct. 23 and Nov. 1.
The hacker used an employee’s password to get at the data
No Social Security numbers or bank account information was stolen, Druart said. He said the company immediately notified the 92 companies affected, though he would not name them, and it wasn’t known how much information was compromised.
Red Cross spokesperson Stephanie Millian confirmed that roughly 278,000 e-mail addresses and a smaller number of passwords were taken from a Red Cross blood drive Web site that ran on Convio’s software. She said the Red Cross notified affected users Nov. 14.
What kind of policy settings or password complexity are we looking for?
A Policy Setting should have the following:
- Enforce password history: 3 passwords remembered
- Maximum password age: 90 days
- Minimum password age: 0 days
- Minimum password length: 8 characters
- Password must meet complexity requirements.
The password complexity requirements are:
- Not contain all or part of the user’s account name
- Be at least six characters in length
- Contain characters from three of the following four categories:
- English uppercase characters (A through Z)
- English lowercase characters (a through z)
- Base 10 digits (0 through 9)
- Non-alphabetic characters (for example, !, $, #, %)
I’m not claiming the above incident was a result of a weak password, but it’s always a good reminder to set strong passwords and change them regularly between 90 – 120 days.
Related Articles on CRM Help Desk Software.com
- Salesboom. com to End Phishing Attacks on CRM with Two Factor Authentication
- Convio Achieves SAS 70 Compliance
- Palin E-mail Hacker – Anonymous Proxy Server not always Anonymous
- Google Apps Premier Edition Allows Better Password Control
- Best CRM Software by Industry: Nonprofit Organizations
Recent Articles on CRM Help Desk Software.com
- SugarCRM Brings CRM Thought Leaders Together at SugarCon 2012
- eXtremeCRM 2012 Berlin
- ERP Vendor Shootout
- Heroku Receives InfoWorld’s Technology of the Year Award
- Cloud Portability: OASIS Forms Technical Committee for Open Standards
- Gartner Announces Customer 360 Summit 2012
- Veeva Announces Seamless Integration With Concur
- Real-time Search Set to Revolutionize Contact Center Customer Service
- TeamSupport.com Boosts Business Intelligence with Zoho Reports
- Zendesk Integrates Facebook into Help Desk Software
About Jimson Lee
Jimson is a freelance industry analyst, with over 25 years experience in the IT industry. Prior to joining CRMHelpDeskSoftware, he spent 4 years as a Senior Consultant at Sierra Systems Group, part of Golden Gate Capital, a leading private equity firm with $9 billion in capital under management. Jimson currently resides in Rome, Italy.
