Recovered Service Outage

Early morning August 6, 2008, TechSoup temporarily disabled our websites due to recent suspicious activity. We soon learned that this instability was due to a SQL Injection attack. These types of attacks are known to exploit website vulnerabilities with the intent of distributing viruses and malware.

While we do not have any specific evidence that malware or viruses were actually distributed, we strongly recommend a series of security measures for those who visited our site between 8:00PM PDT, Tuesday August 5, 2008 and 7:45AM PDT, Wednesday August 6, 2008:

• Make sure your anti-virus software definitions are up-to-date.
• Run a scan of your hard drive to ensure no viruses or malware show up and follow the instructions to quarantine them.
• Review the information at http://www.us-cert.gov/cas/tips/ about managing viruses.
• Update your operating system and other software with the latest security patches. While most software will alert you of any updates automatically, you should run Windows Update on Windows, Software Update on Mac OS X, and for any other applications that you frequently use. For many applications, look in the “Help” menu for information on updates. Check the software documentation if you cannot find that information.

While we have no reason to believe that this issue has compromised any personal data, we do want to take this opportunity to remind all of our customers and visitors to practice “best practices” with regard to protecting your online identity and data. Take the time necessary to secure your information by changing the passwords on your online accounts. “Best practices” recommend that you change your passwords regularly (at least once a month) to keep your system information secure. This time investment will pay big dividends in risk prevention. For additional security tips, see http://blog.techsoup.org.

We continue to ensure, as best as possible, that all of our sites provide content that is safe, helpful and informative.

Sincerely,

Marnie Webb
Co-CEO

---

POSTED: August 07, 2008, 11:00am PDT

We have been testing solutions for much of this morning and believe that we are in the final stages of restoring our websites. We will continue providing the latest information available.

To reiterate our earlier message, we have suffered a SQL Injection attack. We do not have any specific evidence that malware or viruses were actually distributed; however, it is possible that people who visited our websites between 8:00PM PDT, Tuesday August 5, 2008 and 7:45AM PDT, Wednesday August 6, 2008 could have been exposed to malware or viruses. We are advising anyone who visited any of the listed websites, during the hours noted above, to:

• Make sure your anti-virus software definitions are up-to-date.
• Run a scan of your hard drive to ensure no viruses or malware show up and follow the instructions to quarantine them.
• Review the information at http://www.us-cert.gov/cas/tips/ about managing viruses.
• Please continue to check this webpage (which is safe!) for further updates.
  

Please see message below for full details about this outage.

---

POSTED: Thursday, August 07, 2008 9:00 AM PDT: STATUS UNCHANGED.
Please see last full update

---

POSTED: Thursday, August 07, 2008 7:00 AM PDT: STATUS UNCHANGED.
Please see last full update

---

POSTED: Thursday, August 07, 2008 5:00 AM PDT: STATUS UNCHANGED.
Please see last full update

---

POSTED: Thursday, August 07, 2008 3:00 AM PDT: STATUS UNCHANGED.
Please see last full update

---

POSTED: Thursday, August 07, 2008 1:00 AM PDT: STATUS UNCHANGED.
Please see last full update

---

POSTED: Wednesday, August 06, 2008 11:00 PM PDT: STATUS UNCHANGED.
Please see last full update

---

POSTED: August 06, 2008, 09:05pm PDT

We have further information about what has caused our current website issues. We have suffered a SQL Injection attack. These types of attacks are known to exploit website vulnerabilities with the intent of distributing viruses and malware. We do not yet know all the details of this attack at this time. We do not have any specific evidence that malware or viruses were actually distributed; however, it is possible that people who visited our websites between 8:00PM PDT, Tuesday August 5, 2008 and 7:45AM PDT, Wednesday August 6, 2008 could have been exposed to viruses or malware. The impacted sites are:

• www.techsoup.org
• www.techsoup.org/stock
• www.techsoup.org/mar
• www.compumentor.org

We are advising anyone who visited any of the listed websites, during the hours noted above, to:

• Make sure your anti-virus software definitions are up-to-date.
• Run a scan of your hard drive to ensure no viruses or malware show up and follow the instructions to quarantine them.
• Review the information at http://www.us-cert.gov/cas/tips/ about managing viruses.
• Please continue to check this webpage (which is safe!) for further updates.
  

We also advise you to update your operating system and other software with the latest security patches. While most software will alert you of any updates automatically, you should run Windows Update on Windows, Software Update on Mac OS X, and for any other applications that you frequently use. For many applications, look in the “Help” menu for information on updates. Check the software documentation if you cannot find that information.

While we have no reason to believe that this issue has compromised any personal data, we do want to take this opportunity to remind all of our customers and visitors to practice “best practices” with regard to protecting your online identity and data. Take the time necessary to secure your information by changing the passwords on your online accounts. “Best practices” recommend that you change your passwords regularly (at least once a month) to keep your system information secure. This time investment will pay big dividends in risk prevention. For additional security tips, see http://blog.techsoup.org.

We apologize for this inconvenience, and we are working, not just to restore the functionality to our website, but to ensure, as best as possible, that the site is safe and not subject to future attacks. We will continue to update you about the issues relating to this attack, the risks to our customers and visitors, recommended actions for our customers and visitors, and the status of our various websites and services.
Unfortunately, because our systems are down, we can't process orders or answer your questions about order status or donation programs very effectively in the meantime. Our staff has a solution developed and in testing. Once we know the results of the test, we will update this post. We do expect testing to last for several hours.

You are welcome to call us at 1-800-659-3579 after 6:00 AM PDT tomorrow, Thursday, August 7, 2008 if you have a question that you think we can help you with while we sort this out.

We take this issue, and your security, very seriously.

Sincerely,
Marnie Webb
Co-CEO

---

POSTED: Wednesday, August 06, 2008, 5:00pm PDT

We have been experiencing a problem with some of our websites since about 8:00 PM PST last evening, Tuesday, August 5, 2008, that we now know originated outside of our systems. As a precautionary measure, we temporarily took down our websites this morning at 7:45 AM PST. We do not yet know the exact root-cause of our sites experiencing error messages, but the activity was sufficiently suspicious that we want to advise anyone who visited any of our websites listed below between the hours noted above to:

• Make sure your anti-virus software definitions are up-to-date.
• Run a scan of your hard drive to ensure no viruses or malware show up and follow the instructions to quarantine them.
• Review the information at http://www.us-cert.gov/current/ about managing viruses.
• Please check this webpage (which is safe!) as often as you'd like – we promise to keep it up-to-date.

Websites impacted:

• www.techsoup.org
• www.techsoup.org/stock
• www.techsoup.org/mar
• www.compumentor.org

We plan to update this web page status either the minute we know more specifically or every two hours, in any case. Unfortunately, because our systems are temporarily down, we can't process orders or answer your questions about order status or donation programs very well in the meantime.

You are welcome to call us at 1-800-659-3579 if you have a question that you think we can help you with while we sort this out. Please be assured our best technical folks are working full-time to resolve this issue.

We sincerely apologize for the inconvenience. Please know we will do everything we can to make sure you have timely and complete information on the nature of this problem and what to expect.