Important Information about a Ravelry Security Breach

Via DataLossDB.org:

From: “Ravelry”
Date: Jun 6, 2011 2:41 AM
Subject: Important information about a security breach at Ravelry.com
To: [redacted]

(Wondering if this email is real? You can also see a similar notice by logging in to Ravelry.com)

*Important Information about a Ravelry Security Breach*

Dear Ravelry member,

An attacker recently managed to break in to one of Ravelry’s secondary servers. Once inside, they were able to access user names, *encrypted*passwords, and possibly email addresses. Your passwords could not be seen and no financial or other sensitive information was accessed as we do not collect or store this type of data.

We think that it is important to be overly cautious and we need you to change your password on Ravelry and on any other sites where you’ve used the same or similar password, even if you used different usernames. Because passwords were encrypted, we do not think that your password has been exposed but it is important to change your passwords just to be safe. There is a chance that some passwords could be decrypted given enough time and computer power and we don’t want to put anyone at risk.

You can change your password by logging into Ravelry (http://www.ravelry.com) and clicking the “change your password now” button on the security notice on the front page. You can also change your password by editing your profile:
click your username in the upper right of the page to access your profile, and
click “edit your profile” to change your password. If you do not remember your Ravelry password, and you have tried any passwords you may use on other sites, you can click “I forgot” on the Ravelry homepage to receive a link for changing your password. If your browser is remembering your password, you will need to
log out to access that option.

*If you would like to delete your Ravelry account, *you do that by going to the change password page mentioned above and using the “Delete my Ravelry account” link.

*More information regarding the security breach,* including the steps we are taking to make Ravelry more secure, can be found in our full notice at http://www.ravelry.com/?showletter=1. Additionally, we are listing answers to Frequently Asked Questions and fielding further questions in our forums . You are also welcome to reply to this message if you have any questions or concerns.

We are deeply sorry that this has happened. We care very much about everyone on Ravelry and we’re taking steps to make sure that we are all more safe from this sort of attack.

We are also very sorry that some people who are not active members may have been affected. If you’d like to delete your Ravelry account, please use the information above to do so.

Casey, Jess, Mary-Heather and Sarah

Nice. A bunch of knitters and crocheters knew to encrypt passwords when Sony didn’t?

About the author: Dissent