Welcome to the Quilting Board!

Already a member? Login above
loginabove
OR
To post questions, help other quilters and reduce advertising (like the one on your left), join our quilting community. It's free!

Results 1 to 18 of 18

Thread: Ravelry free patterns-FYI

  1. #1
    Super Member
    Join Date
    Nov 2010
    Location
    Port Charlotte, Fl
    Posts
    2,573
    I just received a message from them stating that passwords need to be changed on their site. The site has been comprised and they can't be sure the passwords have a problem but they want it changed. They said no finacial info was gotten into because they don't keep it. Sue

  2. #2
    Super Member Murphy's Avatar
    Join Date
    Oct 2010
    Location
    Iowa
    Posts
    8,899
    Blog Entries
    1
    Don't do it.

  3. #3
    Senior Member kathome's Avatar
    Join Date
    May 2010
    Location
    Central Florida
    Posts
    696
    Blog Entries
    1
    Quote Originally Posted by Murphy
    Don't do it.
    Don't do what? YOU don't do Ravelry or is this a suggestion not to change the password?

  4. #4
    Super Member
    Join Date
    Jul 2010
    Posts
    1,558
    There is a BIG notice on their homepage recommending password change. I'm very cautious about emails asking for changes to any accounts i have so i checked it out. this does look legit, altho i did not recieve an email from them. I also have not bought anything from this site, i go for the freebies

  5. #5
    Super Member
    Join Date
    Dec 2010
    Location
    West Virginia
    Posts
    1,010
    Give them a call Mon.

  6. #6
    Super Member
    Join Date
    Jul 2010
    Posts
    1,558
    Quote Originally Posted by eastermarie
    Give them a call Mon.
    Good advice.
    Be suspicious of any email requesting info. It could be "phishing". Banks, cc etc. will NOT email you asking fo sensitive information

  7. #7
    AbbyQuilts's Avatar
    Join Date
    Aug 2009
    Location
    Monroeville, PA
    Posts
    579
    Blog Entries
    1
    I checked out their twitter and they are saying that they did send the email and that they do want you to change your password
    http://twitter.com/#!/ravelry

  8. #8
    Senior Member kathome's Avatar
    Join Date
    May 2010
    Location
    Central Florida
    Posts
    696
    Blog Entries
    1
    What am I missing here? If Ravelry has already been hacked, what is the point of changing your password? That is, if the "hackers" already have your password, and you use that same password for other sites, shouldn't you be warned to change the password for only those other places?

    I couldn't care less if someone can see the patterns that I view on a free site, it's the ones such as banks, bills, etc.

    Am I making sense here?

  9. #9
    Super Member Connie in CO's Avatar
    Join Date
    Jul 2010
    Location
    Canon City, Colorado
    Posts
    2,438
    Blog Entries
    2
    Sorry what is Ravelry?

  10. #10
    Senior Member pdcakm's Avatar
    Join Date
    Jul 2010
    Location
    california
    Posts
    941
    Quote Originally Posted by kathome
    What am I missing here? If Ravelry has already been hacked, what is the point of changing your password? That is, if the "hackers" already have your password, and you use that same password for other sites, shouldn't you be warned to change the password for only those other places?

    I couldn't care less if someone can see the patterns that I view on a free site, it's the ones such as banks, bills, etc.

    Am I making sense here?
    they do advise in the email to change your password on all other sites where you use the same password.

    never go directly to the site from the warning email. go directly to the site from your address line.

  11. #11
    Senior Member kathome's Avatar
    Join Date
    May 2010
    Location
    Central Florida
    Posts
    696
    Blog Entries
    1
    Quote Originally Posted by pdcakm
    Quote Originally Posted by kathome
    What am I missing here? If Ravelry has already been hacked, what is the point of changing your password? That is, if the "hackers" already have your password, and you use that same password for other sites, shouldn't you be warned to change the password for only those other places?

    I couldn't care less if someone can see the patterns that I view on a free site, it's the ones such as banks, bills, etc.

    Am I making sense here?
    they do advise in the email to change your password on all other sites where you use the same password.

    never go directly to the site from the warning email. go directly to the site from your address line.
    Yes, I did see that. Another thought, wouldn't the hackers need to know what other sites this password is used on? Or do they have a way of searching your email address to find where you go? Or randomly choose a person from Ravelry (or any other site that they have gotten into) and then start looking at, say, different banks etc.?

    This is a lengthy process of changing my password(s) on all of the sites I visit if it's tracked by email address. We're talking many hours. For instance, my password on this very site is the same as Ravelry.

  12. #12
    Senior Member pdcakm's Avatar
    Join Date
    Jul 2010
    Location
    california
    Posts
    941
    Quote Originally Posted by kathome
    Quote Originally Posted by pdcakm
    Quote Originally Posted by kathome
    What am I missing here? If Ravelry has already been hacked, what is the point of changing your password? That is, if the "hackers" already have your password, and you use that same password for other sites, shouldn't you be warned to change the password for only those other places?

    I couldn't care less if someone can see the patterns that I view on a free site, it's the ones such as banks, bills, etc.

    Am I making sense here?
    they do advise in the email to change your password on all other sites where you use the same password.

    never go directly to the site from the warning email. go directly to the site from your address line.
    Yes, I did see that. Another thought, wouldn't the hackers need to know what other sites this password is used on? Or do they have a way of searching your email address to find where you go? Or randomly choose a person from Ravelry (or any other site that they have gotten into) and then start looking at, say, different banks etc.?

    This is a lengthy process of changing my password(s) on all of the sites I visit if it's tracked by email address. We're talking many hours. For instance, my password on this very site is the same as Ravelry.
    yes, once they have your password and user name they can just cruise through breaking into lots of sites and testing until they find your account.

    as always, the honest citizen has to pay to protect themselves from the dishonest creeps. i am so frustrated with these people.

    be careful what you say about personal business on any site as anyone might be watching and listening.

  13. #13
    Senior Member kathome's Avatar
    Join Date
    May 2010
    Location
    Central Florida
    Posts
    696
    Blog Entries
    1
    Thanks.

  14. #14
    Super Member
    Join Date
    Jan 2011
    Posts
    1,987
    I received the same email. I did change my password but did not use the link. I never use links from emails no matter how legitimate it looks. I donít use identical passwords for accounts for safety purposes.

  15. #15
    Senior Member LaurieE's Avatar
    Join Date
    Mar 2009
    Location
    Alachua, Florida
    Posts
    684
    I didn't receive an email from them (it was sent to my old email address). I went directly to Ravelry after reading your post. This is what is on their home page after I logged in:

    Important information: Security Breach

    An attacker recently managed to break in to one of our secondary servers. Once inside, they were able to access user names and encrypted passwords.

    We think that it is best to be overly cautious and we are requiring you to change your password on Ravelry. We suggest that you also change your password on any other sites where you've used the same or similar password.

    The passwords that the attacker was able to access were encrypted and your password is most likely safe. We are being cautious because modern password cracking technology is very sophisticated and given enough time and money or resources, the attacker could potentially recover some of the passwords.

    No financial information or other sensitive information was accessed: we do not collect or store this type of data. Patterns for sale are stored securely and they were not viewed or downloaded and private correspondence (messaging between users) was not accessed either.

    Please take this opportunity to set up different passwords for different sites. There are several good "password manager" applications that can help you keep track of your passwords.

    We are deeply sorry that this has happened. We care very much about all of you and we never want something like this to happen again. If you have any questions or concerns at all, please post in this forum thread or email Sarah at [email protected]
    How did this happen?

    An attacker tried various methods to gain access to our servers. While most of these methods were unsuccessful, the attacker did eventually find a weak link, and was able to compromise the system that ran our blog. Once they had access to this system they were able to access other data that resided on the on the same server.

    How will you make sure that something like this doesn't happen again?

    First, and probably most importantly, we are working with an information security consulting firm that will help us audit and test our current and future systems. We are a tiny company with a small staff and only one engineer/programmer but we still take security very seriously. Having outside help will be a double-check that helps us catch mistakes before they become problems.

    Secondly, we are reviewing all of the software we use to run our systems, and eliminating everything we can to reduce our exposure to attackers. As an example, the software we used to run our blog was not only completely re-installed, it was also moved to a separate web host to limit exposure in the future. We are also using new technologies to help detect and automatically block certain types of attacks

    Finally, we are doing as much as possible to limit the exposure of data should a breach occur. All sensitive data in our databases is protected with strong encryption, and we are working to identify any areas where data could leak from our systems.

    This has been a really frustrating and upsetting experience but the silver lining is that we are in a better position to make sure that your information is safe. We want you to have confidence that we are doing everything we can to make sure that your Ravelry is positive and safe. Thank you so much your patience and understanding as we work through this.

    ----- me again
    Once you change your password, if you logout and go back in, that message no longer appears. I found the thread where they were talking about it. And yes, they are sending out emails alerting people to the breach.

  16. #16
    Super Member
    Join Date
    Nov 2010
    Location
    Port Charlotte, Fl
    Posts
    2,573
    Thank you for saying don't do it. I might have gone in and done that. Sue

  17. #17
    Senior Member kathome's Avatar
    Join Date
    May 2010
    Location
    Central Florida
    Posts
    696
    Blog Entries
    1
    OK - - my son designs virtual memory systems WORLDWIDE (companies like Chase Morgan Bank, Bank of America, the NFL, New York City, Travelocity, etc. I asked the question about the need to change my passwords and here is his reply:

    " There was a centralized datacenter that was hacked from what I understand and they really don't know what was taken or obtained so it's more of a proactive e-mail in case your password has been compromised. Hard to tell if its necessary or not. I would cover the big ones like your credit card site / eBay / etc. Basically anything that has your credit card info accessible."

    I ALWAYS trust what my son says. He is not just a typical kid (he's 31 years old) who is computer savy. He is the real deal and certified in stuff that I don't pretend to understand.

    So a word to the wise.

  18. #18
    Super Member
    Join Date
    Nov 2010
    Location
    Port Charlotte, Fl
    Posts
    2,573
    Thanks for giving the info. I don't know that much about computers but I figured I would change the ones with my info. Sue

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO ©2011, Crawlability, Inc.