The extent of the security breach was not disclosed by Care2, although the site did ask all of its subscribers to reset their passwords. Care2.com is a US-based website that centers on social issue advocacy.
“To protect Care2 members we are resetting access to all Care2 accounts. The next time you login to Care2, you will be automatically emailed a new password, which will enable you to access your Care2 account as usual”, the website said in a blog. The site recommended that all users change their passwords for any accounts that share the Care2 account password.
Care2 stressed that the hackers were only able to access email addresses and passwords for a “limited number” of accounts. “Our team has worked to secure Care2.com against this type of attack from recurring”, the blog said.
“Given our large membership size [17,918,936 members], we have become a significant target for spammers and hackers over the past few years, and this was the first hacking attempt that successfully breached our protective walls. We take the security of our members very seriously and are taking this extreme step of changing all passwords to reduce the chances of any possible negative consequences”, the blog added.
Care2 said that the hackers used an IP address in Russia to carry out the attack. The FBI has been contacted about the breach.