Browse > Home / CRM Systems, ISO 20000, Technology & Security / Hacker Swipes E-Mail Passwords From Convio Database

Hacker Swipes E-Mail Passwords From Convio Database

November 29, 2007 by Jimson Lee

Please note it is your responsibility to evaluate the accuracy, completeness and usefulness of any information, opinion or advice contained in the content below.

YET ANOTHER reason to enforce strong passwords in the corporate world.

It amazes me how many companies let employees use weak passwords, or passwords with no expiry.

Below is an excerpt from CRMbuyer.com.

Convio, a provider of CRM applications for nonprofit organizations, has announced that e-mail addresses and passwords have been stolen from its clients’ databases. The American Red Cross is among the companies affected by the breach. No bank account information or Social Security numbers, however, appear to have been leaked.

Tad Druart, a spokesperson for Austin, Texas-based Convio, said the company has notified federal authorities of a data breach between Oct. 23 and Nov. 1.

The hacker used an employee’s password to get at the data

No Social Security numbers or bank account information was stolen, Druart said. He said the company immediately notified the 92 companies affected, though he would not name them, and it wasn’t known how much information was compromised.

Red Cross spokesperson Stephanie Millian confirmed that roughly 278,000 e-mail addresses and a smaller number of passwords were taken from a Red Cross blood drive Web site that ran on Convio’s software. She said the Red Cross notified affected users Nov. 14.

What kind of policy settings or password complexity are we looking for?

A Policy Setting should have the following:

  • Enforce password history: 3 passwords remembered
  • Maximum password age: 90 days
  • Minimum password age: 0 days
  • Minimum password length: 8 characters
  • Password must meet complexity requirements.

The password complexity requirements are:

  • Not contain all or part of the user’s account name
  • Be at least six characters in length
  • Contain characters from three of the following four categories:
    • English uppercase characters (A through Z)
    • English lowercase characters (a through z)
    • Base 10 digits (0 through 9)
    • Non-alphabetic characters (for example, !, $, #, %)

I’m not claiming the above incident was a result of a weak password, but it’s always a good reminder to set strong passwords and change them regularly between 90 – 120 days.

Post to Twitter


Tagged:

, , , , , , , , , ,

Related Articles on CRM Help Desk Software.com

Recent Articles on CRM Help Desk Software.com

Free Newsletter

Sign up for the free Daily newsletter, filled with tips and ideas on how to choose a proper CRM, Help Desk, Customer Support, or Enterprise Content Management software system. Your email address will be kept confidential and won't be shared. Easily unsubscribe at any time.

If you enjoy the free information available on this site, you're sure to enjoy the free newsletter as well:

Enter your email address:

Delivered by FeedBurner

Share and Enjoy:

Written by Jimson Lee · Filed Under CRM Systems, ISO 20000, Technology & Security 

Comments



CRM Help Desk Software