IMPORTANT NOTICE FROM ACTFORCHANGE
Dear Subscriber,
We regret to inform you that the company we contract with to provide
online services, Convio, has identified a breach of one of their
internet security systems. There was no breach of
personally-identifiable information or credit card data, but your
email address and password for managing your Act For Change and
Working For Change subscriptions were obtained by an unauthorized
third party.
There is potential for misuse of this information should you use the
same email address and password on other personal accounts (e.g.,
banking, PayPal, Amazon, etc.). Convio would like to advise you of
important steps that you can and should take to prevent misuse of your
personal information:
- If this email address and password are used together on any other
accounts, it is recommended that you change your password on those
accounts and sites immediately. We recognize that this is an enormous
inconvenience, but this step will minimize your security risk.
- Pay careful attention to emails you may receive requesting personal
and financial information, and only provide it when you can
confidently confirm that it has come from a trusted organization.
- Report any suspicious activity immediately to the account provider
(bank, credit card, etc.) and to credit bureaus.
We take your privacy seriously, and as a protective step have
immediately deleted all passwords from the Act For Change and Working
For Change website and subscriptions. This will not affect your
subscriptions or site usage, and you will simply be prompted to create
a new password when you go to manage your account.
Our vendor Convio has asked us to convey their deepest apology and
assurance that security has been restored. If you have any questions
or concerns, please feel free to call (800) 788-0898* or email
customerservice@wafs.com.
Stephen Gunn
Vice President, Operations
Working Assets
* Customer Service Hours: Monday-Friday 5:00am - 7:30pm, Saturday
8:00am - 4:30pm PST
It's never a good idea to use the same e-mail and password combination for more than one site, but in a world where we all have to manage dozens of unique logins a day, convenience often takes a back seat to security. If you've read this far, allow me to suggest password salting as a solution for managing your various logins:
A salt is defined as a random number that is added to the encryption key or to a password to protect them from disclosure. But in this case, it’s not a random number (since that wouldn’t be easy to remember either), but rather, it’s a combination of letters that you somehow derive from the site name, and somehow insert into your usual password.
For example:
Let’s say you’re creating a Hotmail account and you need to come up with a password. Your usual password is ‘monkey7’. But rather than just typing that in, you alter ‘monkey7’ with some characters that are unique to the site you’re visiting.
Maybe it’s the first two letters of the site name. Maybe it’s the first letter and the last letter, or the first and third letters. Whatever it is, pick a scheme and stick to it.
Let’s say you’ve chosen the first and third letters, and you’re going to put it before the 7. Your Hotmail password is now ‘monkeyht7’. Your Amazon password is ‘monkeyaa7’. Your Yahoo password is ‘monkeyyh7’. You get the picture.
Don’t use this exact scheme. Come up with your own. If everyone is using the same salting method, then it’s easy to crack, but with hundreds or thousands of salting algorithms, your password is reasonably safe.
Note that reasonably is relative. This is not super-secure - it’s hardly secure at all - but it is definitely more secure than using the same password everywhere, and it’s easy to do.
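Here is the first-and-third-letter scheme from the example above written out, with a check of how much of each password stays identical from site to site, which is the reason it is hardly secure at all. This is an added example, not part of the original post; the function names are made up for illustration.

```python
# Added example (not from the original post): the post's site-letter scheme,
# plus a measure of how much of each password is identical across sites.

def site_salt(site, positions=(1, 3)):
    """Letters of the site name at 1-based positions (the post uses first and third)."""
    letters = [c for c in site.lower() if c.isalpha()]
    if len(letters) < max(positions):
        raise ValueError(f"{site!r} is too short for positions {positions}")
    return "".join(letters[p - 1] for p in positions)

def salted_password(base, site, positions=(1, 3), insert_at=-1):
    """Insert the site letters into the base; insert_at=-1 puts them before the last character."""
    return base[:insert_at] + site_salt(site, positions) + base[insert_at:]

def shared_affixes(a, b):
    """Common prefix and common suffix of two passwords, without overlap."""
    n = min(len(a), len(b))
    p = 0
    while p < n and a[p] == b[p]:
        p += 1
    s = 0
    while s < n - p and a[-1 - s] == b[-1 - s]:
        s += 1
    return a[:p], a[len(a) - s:]

def reused_fraction(a, b):
    """Share of the longer password that is the same text in both."""
    longest = max(len(a), len(b))
    if longest == 0:
        return 1.0
    prefix, suffix = shared_affixes(a, b)
    return (len(prefix) + len(suffix)) / longest

if __name__ == "__main__":
    base = "monkey7"  # the post's example base password
    sites = ["Hotmail", "Amazon", "Yahoo"]
    pw = {s: salted_password(base, s) for s in sites}
    for s in sites:
        print(f"{s:8} {pw[s]}")
    for s in sites[1:]:
        prefix, suffix = shared_affixes(pw["Hotmail"], pw[s])
        print(f"Hotmail vs {s}: shared {prefix!r} + {suffix!r}, "
              f"{reused_fraction(pw['Hotmail'], pw[s]):.0%} identical")
```

Seven of the nine characters are the same in every derived password, so only the two site letters change from one account to the next.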
Happy Salting.