Convio Inc. has acknowledged that attackers targeted its GetActive platform, which many nonprofit associations and academic institutions use to send email to volunteers, donors, members and other constituents. The security breach has put the passwords and accounts of those doing business with such Convio customers as CARE, Working Assets, Free Press and the American Museum of Natural History at increased risk of fraud.
"We take this attack very seriously and are committed to working with these organizations and their constituents to minimize the impact," Convio CEO Gene Austin said in a statement on the company's Web site. He insisted that no credit card data had been compromised.
"If you have been made aware of this by one of the nonprofit organizations the company serves, it is possible that your email address and the password you use for managing your email subscriptions with that organization were obtained by an unauthorized third-party," he said.
He recommended that those using the same email address and password for any other online service such as a bank or PayPal change their password with those providers as soon as possible.