Quiltingboard Forums

Ravelry free patterns-FYI (https://www.quiltingboard.com/main-f1/ravelry-free-patterns-fyi-t128206.html)

kathome 06-05-2011 12:56 PM


Originally Posted by pdcakm

Originally Posted by kathome
What am I missing here? If Ravelry has already been hacked, what is the point of changing your password? That is, if the "hackers" already have your password, and you use that same password for other sites, shouldn't you be warned to change the password for only those other places?

I couldn't care less if someone can see the patterns that I view on a free site, it's the ones such as banks, bills, etc.

Am I making sense here?

they do advise in the email to change your password on all other sites where you use the same password.

never go directly to the site from the warning email. go directly to the site from your address line.

Yes, I did see that. Another thought, wouldn't the hackers need to know what other sites this password is used on? Or do they have a way of searching your email address to find where you go? Or randomly choose a person from Ravelry (or any other site that they have gotten into) and then start looking at, say, different banks etc.?

This is a lengthy process of changing my password(s) on all of the sites I visit if it's tracked by email address. We're talking many hours. For instance, my password on this very site is the same as Ravelry.

pdcakm 06-05-2011 01:17 PM


yes, once they have your password and user name they can just cruise through breaking into lots of sites and testing until they find your account.

as always, the honest citizen has to pay to protect themselves from the dishonest creeps. i am so frustrated with these people.

be careful what you say about personal business on any site as anyone might be watching and listening.

kathome 06-05-2011 01:24 PM

Thanks.

Divokittysmom 06-05-2011 01:41 PM

I received the same email. I did change my password but did not use the link. I never use links from emails no matter how legitimate it looks. I don’t use identical passwords for accounts for safety purposes.

LaurieE 06-05-2011 02:12 PM

I didn't receive an email from them (it was sent to my old email address). I went directly to Ravelry after reading your post. This is what is on their home page after I logged in:

Important information: Security Breach

An attacker recently managed to break in to one of our secondary servers. Once inside, they were able to access user names and encrypted passwords.

We think that it is best to be overly cautious and we are requiring you to change your password on Ravelry. We suggest that you also change your password on any other sites where you've used the same or similar password.

The passwords that the attacker was able to access were encrypted and your password is most likely safe. We are being cautious because modern password cracking technology is very sophisticated and given enough time and money or resources, the attacker could potentially recover some of the passwords.

No financial information or other sensitive information was accessed: we do not collect or store this type of data. Patterns for sale are stored securely and they were not viewed or downloaded and private correspondence (messaging between users) was not accessed either.

Please take this opportunity to set up different passwords for different sites. There are several good "password manager" applications that can help you keep track of your passwords.

We are deeply sorry that this has happened. We care very much about all of you and we never want something like this to happen again. If you have any questions or concerns at all, please post in this forum thread or email Sarah at [email protected].

How did this happen?

An attacker tried various methods to gain access to our servers. While most of these methods were unsuccessful, the attacker did eventually find a weak link, and was able to compromise the system that ran our blog. Once they had access to this system they were able to access other data that resided on the same server.

How will you make sure that something like this doesn't happen again?

First, and probably most importantly, we are working with an information security consulting firm that will help us audit and test our current and future systems. We are a tiny company with a small staff and only one engineer/programmer but we still take security very seriously. Having outside help will be a double-check that helps us catch mistakes before they become problems.

Secondly, we are reviewing all of the software we use to run our systems, and eliminating everything we can to reduce our exposure to attackers. As an example, the software we used to run our blog was not only completely re-installed, it was also moved to a separate web host to limit exposure in the future. We are also using new technologies to help detect and automatically block certain types of attacks.

Finally, we are doing as much as possible to limit the exposure of data should a breach occur. All sensitive data in our databases is protected with strong encryption, and we are working to identify any areas where data could leak from our systems.

This has been a really frustrating and upsetting experience but the silver lining is that we are in a better position to make sure that your information is safe. We want you to have confidence that we are doing everything we can to make sure that your Ravelry is positive and safe. Thank you so much for your patience and understanding as we work through this.

----- me again
Once you change your password, if you log out and go back in, that message no longer appears. I found the thread where they were talking about it. And yes, they are sending out emails alerting people to the breach.

ging10ging 06-06-2011 10:09 AM

Thank you for saying don't do it. I might have gone in and done that. Sue

kathome 06-06-2011 04:05 PM

OK - - my son designs virtual memory systems WORLDWIDE (companies like Chase Morgan Bank, Bank of America, the NFL, New York City, Travelocity, etc.). I asked the question about the need to change my passwords and here is his reply:

"There was a centralized datacenter that was hacked from what I understand and they really don't know what was taken or obtained so it's more of a proactive e-mail in case your password has been compromised. Hard to tell if it's necessary or not. I would cover the big ones like your credit card site / eBay / etc. Basically anything that has your credit card info accessible."

I ALWAYS trust what my son says. He is not just a typical kid (he's 31 years old) who is computer savvy. He is the real deal and certified in stuff that I don't pretend to understand.

So a word to the wise.

ging10ging 06-06-2011 06:46 PM

Thanks for giving the info. I don't know that much about computers but I figured I would change the ones with my info. Sue


All times are GMT -8.