Users wooly after knitting website hack

By on
Users wooly after knitting website hack

Blogging server cracked.

Hackers have stolen usernames and passwords of popular knitting website Ravelry after cracking a secondary server used for its blog site.

An attacker tried "various methods" to crack into the website and succeeded using a "weak link" on the blog server.

Ravelry said it had hired an information security consulting firm to run penetration tests against its systems, installed intrusion detection systems, and hardened its networks by removing unused software and services.

"As an example, the software we used to run our blog was not only completely re-installed, it was also moved to a separate web host to limit exposure in the future," the company said in a post.

"We are a tiny company with a small staff and only one engineer/programmer but we still take security very seriously."

It said passwords were encrypted and no financial information was lost.

Ravelry advised users to change passwords to their other accounts, if they used the same password to log in to multiple online services.

It also said users should consider using a password manager.

"We are deeply sorry that this has happened. We care very much about all of you and we never want something like this to happen again."

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

In Partnership With

Most Read Articles

Log In

Username / Email:
  |  Forgot your password?