The 1% Program of Public Architecture discloses breach

From their web site: “The 1% program of Public Architecture connects nonprofit organizations in need of design assistance with architecture and design firms willing to donate their time on a pro bono basis.”

I wish really bad karma for all hackers who go after non-profits trying to do some good in this world.

Posted by the 1% Program of Public Architecture:

We Were Hacked!
Friday, December 19, 2014

Dear 1% Community,

On Monday, December 8th, we discovered that theonepercent.org had been hacked.  A malicious hacker broke through our security protocols and firewalls and put up his own vanity page to brag about their destructive success.  In responding to this unexpected and unprovoked attack, we contacted our web developers to repair the site.  While a full assessment of the situation has been made and the site is now restored, we felt it our responsibility to share with you the ramifications of what has occurred.

  • The hacker deleted files essential to site operation to damage it.
  • The hacker may have stolen user information such as usernames, passwords, and contact information such as address and email address.
  • Fortunately, we do not maintain credit card, bank account or other financial information.

The security vulnerabilities/back doors the hacker exploited have been patched up.  The site was restored on Wednesday, December 17th, is now back under our control, and the vanity page has been removed.  We have notified law enforcement and are encouraging all members to change their 1% password and to monitor e-mail addresses and accounts for any suspicious activity.  Although we do not know the motivation behind the attack, we do not believe our members’ professional information was the intended target.

To log in to your 1% profile, go to: http://theonepercent.org/Login.htm

While we have no knowledge or reports that any usernames, passwords or other personal information have been misused, we urge you to remain vigilant and review all of your accounts for unauthorized activity. Accordingly, we recommend the following:

1.    If you use the same username and password credentials for multiple accounts, you may want to request that your bank monitor for possible fraudulent transactions or unusual activity on your account(s).

2.    Be alert to “phishing” by someone who acts like a friend or a representative of theonepercent.org and requests sensitive information over email, such as passwords, social security numbers, or bank account numbers.  We will never ask for this type of information over email.  Do NOT open or download suspicious or unknown email links or attachments.

Public Architecture has always taken information security very seriously, and we will continue to take every possible action to safeguard the professional information of those who pledge 1% and use the matching service.  Unfortunately, Public Architecture is not immune to hacking, but we are disappointed and sorry for the inconvenience this incident may cause.

Please feel free to contact us with any questions or concerns at [email protected] or by calling our main line at (415)-861-8200.  Thank you for understanding and bearing with us during this difficult time.

Sincerely,

John Peterson
Founder & President, Public Architecture

Public Architecture also submitted a copy of their December 17th notification to the California Attorney General’s web site.

About the author: Dissent
