Dear TechSoup Visitor,
As many of you may be aware, the TechSoup websites experienced unusual downtime last week. Our websites are now live and available to serve you; however we wanted to follow up with an update on what caused this outage and what we are doing about it.
We temporarily took our websites down after experiencing instability within our web pages. We soon learned that this instability was due to a SQL Injection attack. These types of attacks are known to exploit website vulnerabilities with the intent of distributing viruses and malware.
While we do not have any specific evidence that malware or viruses were actually distributed, we have strongly recommended via our website and phone messages a series of security measures listed below for those who visited our site between 8:00PM PDT, Tuesday August 5, 2008 and 7:45AM PDT, Wednesday August 6, 2008. We have no reason to believe that this issue has compromised any personal data.
- Make sure your anti-virus software definitions are up-to-date.
- Run a scan of your hard drive to ensure no viruses or malware show up and follow the instructions to quarantine them.
- Review the information at http://www.us-cert.gov/cas/tips/ about managing viruses.
- Update your operating system and other software with the latest security patches. While most software will alert you of any updates automatically, you should run Windows Update on Windows, Software Update on Mac OS X, and for any other applications that you frequently use. For many applications, look in the "Help" menu for information on updates. Check the software documentation if you cannot find that information.
We also want to take this opportunity to remind all of our customers and visitors to practice "best practices" with regard to protecting your online identity and data. Take the time necessary to secure your information by changing the passwords on your online accounts. "Best practices" recommend that you change your passwords regularly (at least once a month) to keep your system information secure. This time investment will pay big dividends in risk prevention. For additional security tips, see http://blog.techsoup.org.
What We've Done to Manage Our Websites and This Issue
Our team worked diligently to promptly identify and communicate this issue (for more information, please see our status updates.) We have now implemented a solution to examine all incoming traffic and reinforce our current defenses. We also instituted increased system monitoring and are pleased to report that our solution has remained effective. Going forward, we are engaging outside experts for a security assessment to ensure we can be as proactive as possible in fending off these types of attacks and others.
We take this issue, and your security, very seriously. If we can answer any questions, please write to us at firstname.lastname@example.org or call us at 1-800-659-3579, extension 700. Our customer service team is available to serve you Monday-Friday, from 8:00AM to 5:00PM PDT.
We apologize for this inconvenience and are working diligently to answer your questions and process any donation requests in progress.
Rebecca Masisak and Marnie Webb