Ravelry security breach - change your passwords(5 Posts)
In case you weren't already aware more info here
My own view is that you definitely need to change your Ravelry password and also your password on any other sites that you use the same password on (or a similar password eg if your password is knitting on Ravelry and you also use Knitting or knitting1 on Amazon etc then change those too).
Best practice is to assume the passwords will be decrypted at some point - having access to your Ravelry account is probably not the primary aim of the hackers - their aim will be to harvest more passwords, emails etc and start running them through Amazon, Paypal, Facebook, banking sites etc. Don't forget as well that your financial details are probably 'stored' on lots of non-financial websites too eg things like iTunes etc.
Hi, could you elaborate please?
I have also received an email 'Notification of a security breach' but was too scared to open it up and read it so deleted it.
When I click on your link it takes me to Ravelry where it wants me to enter my username and password and I dont want to do that now, under the circumstances. So wondering what the info is. Thank you.
Oh - sorry I hadn't realised the link doesn't work.
Basically the email from Ravelry should be legitimate. They got hacked and lost usernames, email addresses and (encrypted) passwords. They're advising everyone to change their Ravelry password - I added in the bit about changing other similar passwords as that's generally security best practice.
Will cut and paste the email I got from Ravelry below - I think the link changes depending on if you've logged in already and seen the message so that might be why my link isn't working.
(Wondering if this email is real? You can also see a similar notice by logging in to Ravelry.com)Important Information about a Ravelry Security Breach
Dear Ravelry member,
An attacker recently managed to break in to one of Ravelry's secondary servers. Once inside, they were able to access user names, encrypted passwords, and possibly email addresses. Your passwords could not be seen and no financial or other sensitive information was accessed as we do not collect or store this type of data.
We think that it is important to be overly cautious and we need you to change your password on Ravelry and on any other sites where you've used the same or similar password, even if you used different usernames. Because passwords were encrypted, we do not think that your password has been exposed but it is important to change your passwords just to be safe. There is a chance that some passwords could be decrypted given enough time and computer power and we don't want to put anyone at risk.
You can change your password by logging into Ravelry (http://www.ravelry.com) and clicking the "change your password now" button on the security notice on the front page. You can also change your password by editing your profile: click your username in the upper right of the page to access your profile, and click "edit your profile" to change your password. If you do not remember your Ravelry password, and you have tried any passwords you may use on other sites, you can click "I forgot" on the Ravelry homepage to receive a link for changing your password. If your browser is remembering your password, you will need to log out to access that option.
If you would like to delete your Ravelry account, you do that by going to the change password page mentioned above and using the "Delete my Ravelry account" link.
More information regarding the security breach, including the steps we are taking to make Ravelry more secure, can be found in our full notice at http://www.ravelry.com/?showletter=1. Additionally, we are listing answers to Frequently Asked Questions and fielding further questions in our forums. You are also welcome to reply to this message if you have any questions or concerns.
We are deeply sorry that this has happened. We care very much about everyone on Ravelry and we're taking steps to make sure that we are all more safe from this sort of attack.
We are also very sorry that some people who are not active members may have been affected. If you'd like to delete your Ravelry account, please use the information above to do so.
Casey, Jess, Mary-Heather and Sarah
Join the discussion
Please login first.