Yesterday we discovered that Care2.com servers were attacked, resulting in a security breach. The hackers were able to access login information for a limited number of Care2 member accounts. Our team has worked to secure Care2.com against this type of attack from recurring.
To protect Care2 members we are resetting access to all Care2 accounts. The next time you login to Care2, you will be automatically emailed a new password, which will enable you to access your Care2 account as usual.
To secure your privacy, we highly recommend you immediately change your password for any accounts that share the password you previously used on Care2.
We sincerely apologize for this inconvenience. Given our large membership size, we have become a significant target for spammers and hackers over the past few years, and this was the first hacking attempt that successfully breached our protective walls. We take the security of our members very seriously and are taking this extreme step of changing all passwords to reduce the chances of any possible negative consequences.
Q. Was my login information accessed?
A. The hackers gained access to a limited number of email addresses and passwords. To be on the safe side with security as our top priority, we have changed all Care2 member account passwords to protect them from unauthorized access.
Q. Why should I change passwords to my other (non-Care2) accounts?
A. As a precaution, we recommend changing your account passwords for any account that shares the same password you used on Care2 and/or any account that was connected to Care2. Hackers sometimes try logging into financial or other accounts using login information they have stolen from another site in the hope that the account holder used the same password on multiple sites.
Q. What can I do to recover my password?
A. Visit http://www.care2.com/retrieve_password Enter your user name or email address in the green box titled “Forgot your password or log-in name?” Your password will be emailed to you.
Q. What can I do to recover my password if I don’t have access to the email account associated with my Care2 account? (this is sometimes an issue for Care2 webmail users)
A. Please contact Care2 customer support for help
Q. Has the security breach at Care2 been stopped?
A. Yes, we immediately closed the hole that the hackers found and blocked access to account logins.
Q. Who are the hackers?
A. We have no way of knowing, other than the fact that the IP Address used in the attack was from Russia. Hackers use all sorts of techniques to disguise their identity and location though, so we can’t say for sure where the attack originated. We have contacted the FBI to investigate.
Q. Why did they attack Care2?
A. As one of the larger membership based organizations, we have become a target for spammers and hackers over the past several years. Hackers are most likely looking for login information they can exploit on financial websites. Individuals often use the same login information on multiple sites, so if a hacker can get your login credentials on one site, they can then try using those same details to login to a financial site. It is strongly recommended you use different passwords for each site you use! You may want to use a password manager to generate secure passwords and keep track of them.
Q. What happens after I’ve changed my password(s)?
A. Everything should return to normal. Note that independent of this event, security experts recommend you periodically change your passwords.
Again, we sincerely apologize for this inconvenience and can assure you that we are doing everything within our power to keep the site safe and secure for all members.