Thursday, November 22

TechSoup's news - so old it's cold

A reader just forwarded me this email (dated Nov. 20th) from TechSoup, one of the leading edge techie types advising the nonprofit world. Why did it take them so long to notify subscribers?

TechSoup By the Cup - November 20, 2007
The Newsletter from
"Technology served the way nonprofits need it."


Convio/GetActive - the service TechSoup uses to manage and distribute By the Cup - is warning subscribers to exercise caution after hackers broke into its systems and stole email addresses and passwords from 92 nonprofit clients.

While the vast majority of TechSoup email newsletter subscribers were unaffected, 3,000 TechSoup subscribers may have had the usernames and passwords they used to manage their email subscriptions stolen.

There is potential for misuse of this information should you use the same email address and password on other personal accounts (e.g, banking, PayPal,Amazon, Web-based email sites, etc.) Convio would like to advise you of important steps that you should take to prevent misuse of your personal information:

* If this email address and password are used together on any other accounts, it is recommended you change your password on those accounts immediately.

The email goes on to warn subscribers to be wary of emails asking for information. They also reassure folks that their privacy is taken seriously.

Yikes. Are they serious when they use words like "immediately" even though they waited almost three weeks to send out this notice? Maybe they should use warn us about the potential problems associated with Y2K?


Darah F said...

I cant believe that TECH soup waited THAT long?!?!?1

Matthew Palmer said...

As an employee of TechSoup, I wanted to respond to the discussion of the security breach at Convio because our members’ information was among the data that was illegally accessed.

Like you, we have been following the security breach at Convio very closely since it was reported. We decided to take the step of notifying our members when we learned TechSoup was one of 92 nonprofits whose information had been stolen. In fact, we contacted all affected email subscribers within hours of learning this.

We took the further step of notifying all TechSoup email subscribers and posting messages on our website to let nonprofits know we are working closely with Convio and that we take this incident very seriously.

Matthew Palmer

"a fundraiser" said...

Thanks for the comment Matt. I understand you have no obligation to respond to an anonymous blog and I appreciate the additional information. Apologies if the headline sounded too harsh.