Author: Will Chester

At TechChange, the trust of our community is the foundation of everything we do. It is in that spirit of transparency that we are sharing details about a recent security incident.

On July 21, 2025, we discovered that a single TechChange employee’s email account had been compromised by a malicious actor. We took immediate action to secure the account and launch a full investigation to understand the nature and scope of the incident.

What Happened?

Our investigation found that an attacker gained unauthorized access to the account on July 14 using a compromised password and successfully completed two-factor authentication. On July 21, the attacker used this access to take two malicious actions:

  1. They exported the employee’s contact list, which contained the names and email addresses of our partners, clients, and community members.
  2. They sent a malicious phishing email with the subject line “#Katie Penland Request For Proposal (RFP)#” to the contacts on that list.

Our Immediate Response

Within minutes of discovering the activity, our team permanently locked the attacker out of the account, secured it against further access, and began a thorough investigation. We have confirmed that the unauthorized access was limited to this single email account and did not affect any other TechChange systems.

What This Means For You

  • If you received an email from katie.penland@techchange.org on or around July 21, 2025, with the subject “#Katie Penland Request For Proposal (RFP)#”, please do not click on any links, open attachments, or reply to the message. It was not a legitimate communication from TechChange. Please delete it immediately.
  • The data that was accessed was limited to contact information (names and email addresses). Our investigation has confirmed that no other sensitive information, such as financial data or passwords, was accessed or compromised.

How to Protect Yourself from Phishing Attacks

This incident is a reminder that phishing attacks are becoming increasingly sophisticated. 

Here are a few key things to look for to help you spot a malicious email:

  • Check the Sender’s Address: Look for slight misspellings or unusual domains in the sender’s email address.
  • Look for a Sense of Urgency: Attackers often try to create panic, demanding you take immediate action to avoid a negative consequence, like your account being closed.
  • Beware of Generic Greetings: Phishing emails often use generic greetings like “Dear Customer” instead of your name.
  • Hover Before You Click: Before clicking on any link, hover your mouse over it to see the actual destination URL. If the destination looks suspicious or doesn’t match the link’s text, don’t click it.
  • Don’t Open Unexpected Attachments: Be wary of any unsolicited attachments, especially from people you don’t know or that seem out of character for the sender.

Our Commitment to Security

The security of our community is our highest priority. To prevent incidents like this from happening again, we are taking the following steps:

  • We are accelerating the deployment of enhanced, phishing-resistant multi-factor authentication (MFA) across our organization, including the use of physical security keys.
  • We are conducting a full review of our security protocols and providing updated security awareness training for all of our staff.
  • We are notifying individuals directly and have reported this incident to the relevant authorities.

We are deeply sorry for this incident and any concern it may have caused. The trust you place in us is something we work to earn every day, and we are committed to learning from this incident and strengthening our defenses to protect our community.

If you have any further questions, please do not hesitate to contact us at 

security [at] techchange.org.

By Will Chester, TechChange Chief Technology Officer

Much like the lifelong learners that our signature TechChange platform supports, we never stop learning and working to improve our offerings. This year our development team has added numerous capabilities to our platform–the backbone of so many of our education and event programs– so that it will work even better for our partners. As the Chief Technology Officer at TechChange for the last thirteen years, I can say that it’s never been better. 

Improved multilingual capabilities make it easier to communicate 

One of the truly special aspects of our work is how many people from all over the world our partners reach, often using our platform to do it. We want to ensure that participants can experience TechChange courses, workshops, and conferences in their language of choice. The changes that we’ve made recently ensure that the platform now provides a fully multi-lingual experience from end to end. 

From a user perspective, platform users can now select the language they are most comfortable receiving content in and that’s what they will see, in the course and on the platform itself. And it’s not just that. For our blended and synchronous learning courses, cohort members can now communicate with other participants who are taking the course…in different languages! Real-time bi-directional AI-powered translation enables dialogue across 100+ languages, bridging the gap between people who don’t share the same linguistic profile. We’ve made it easier for administrators too, who can now create and maintain multilingual content in one dedicated space. 

In the future, we’re going to go even further to reduce the cost of translation of elearning content. Our team is working to incorporate Lokalise, which will result in a process that is 1/1000th the cost of manual translation.  

Enhanced media integration for optimal integration of content

Our partners’ courses incorporate many different types of content, including outside videos. The TechChange platform now enables seamless integration of content through Mux–a developer friendly version of Youtube. Administrators can now directly upload videos from their computer and stream videos straight to the platform. Event participants get a new benefit too of a new mini player view so they can click around elsewhere on the site– I know our multi-taskers will appreciate this. Live captioning on video and live streams add an extra layer of accessibility.

Social sharing of accomplishments on LinkedIn

Course participants will have a new way to show off their credentials from TechChange. Once they have completed a course on our platform, participants can easily add the course completion certificate directly to their LinkedIn profile. In this hiring climate, anything that makes you stand out as an employee or job candidate helps and we’re happy to be a part of that.

Streamlined login option

Finally, we’ve made it easier to log into the platform by adding single sign on, a passwordless login option. The email link to access the platform supports an easier login experience for our repeat users. 

To read more about these changes, check out our TechChange 2024 Platform Updates. 

TechChange-Platform-Updates-1-2Download

Or…head to the platform and see for yourself!

We are thrilled to announce our 2015 Summer Fellows. We would like to thank everyone who applied for this fellowship. With over 1,000 applicants from all over the globe, we were astounded to see how many young, talented individuals are out there that are looking to apply their technical skills for social good. Narrowing down this incredible pool of talented individuals to four fellows was a daunting task. To those that were not selected this year, we hope you’ll consider applying again next year.

Below is the list of TechChange’s 2015 Fellows:

Ethan Bogdan
Nithya Menon
Sara Abu-Ghnaim
You Jin Lee

Congratulations to Ethan, Nithya, Sara, and You. We are excited to have you all join us this summer!

OpenTok helps us bridge self-paced content and real-time video engagement. If you’re interested in exploring our platform, check out our upcoming course on mHealth: Mobile Phones for Public Health, organized in partnership with the mHealth Alliance. Class starts on Nov. 12!

 

Generally speaking, most online learning is divided into two camps: Self-paced content (Coursera, Moodle, etc.) or real-time video webinars (Adobe Connect, etc.). The problem is that our experience indicated that we needed both self-paced content to accommodate the mid-career professionals that comprise most of our students interested in technology, as well as real-time engagement to provide direct interaction with technologists and practitioners. Rather than compromise, we set out to build our own online learning platform.

When we set out to re-imagine online learning for our needs at TechChange, we realized that in order for our learning approach to work, we needed to create an environment conducive to collaboration and co-creation of learning. Our ability to beam in experts from all over the world for remote interviews is crucial to to making this type of learning possible. We use a video chat service called OpenTok to power these engagements.

OpenTok is a flexible video streaming service that allows us to integrate live video chat into our learning platform without having to worry about the actual video streaming itself. OpenTok provides a robust application programming interface (API) that allows a developer to integrate OpenTok services directly into your website or mobile application. They also offer pre-built solutions that you can simply embed into a website, but the brilliance of the OpenTok model is in their fully-featured API.

We tried other video platforms before finding OpenTok, but none of them offered the flexibility and feature richness that OpenTok offers. Using OpenTok we are able to allow remote presenters to simply log into our website and start publishing their audio-video feeds to our courses in only two clicks. This has greatly increased the ease of use of the platform and made it possible to convene important conversations between experts and course participants from countries around the world, including: Libya, Pakistan, Kazakstan, Kenya, Thailand, Egypt, and many others

Due to the bandwidth and other constraints we face bringing together this global audience (our courses generally include participants from 20+ countries), OpenTok’s robust API has been key to our success. With OpenTok speakers and participants can easily toggle video and audio streams to conserve bandwidth. We also convene participant panels where small groups of course participants can discuss pressing issues and share their personal experiences. We believe this video interaction goes a long way to creating virtual learning communities and adds greatly to course outcomes.

More recently, we used OpenTok to power our live stream of the International Conference of Crisis Mappers 2012. We received an excellent response to this offering and are looking forward to using OpenTok to allow other conferences and events to further engage with the global audiences that hunger for access to these important discussions. We believe it is especially important to provide access and inclusion to these communities that for any number of reasons are unable to be physically present for the increasing number of important discussions happening at ICT4D events and conferences in D.C. and around the world.

Finally, none of this would have been possible without OpenTok’s incredible customer support and technical assistance. I’ve spent countless hours on their IRC channel getting advice and support from members of their tech team. A special thanks goes out to @digitalsai, @meliho, and @jonmumm and others at OpenTok for all of their technical assistance and invaluable support as we’ve developed our OpenTok integration.

The TechChange course on Mobiles for International Development starts on June 18. Sign up now!

Have you ever been stuck on the mobile version of a website and were unable to go where you wanted just because you were surfing on your smartphone? One solution gaining prominence is called responsive design, which uses proportional measurements and other techniques to display appropriately-sized content on any device from large displays to smartphones. We are pleased to announce that we have launched our new fully-responsive website with the mobile device in mind. Not sure what responsive design is? Try resizing this window wider and narrower and watch what happens, or if you have a smartphone, try loading our site on it.

1. Mobiles matter and your audience uses them

It’s no secret that we’re big fans of mobile tech (re: Blog Posts of ours: Thoughts on Mobile Money for Development, FrontlineSMS and Technological Responsibility, Risk and Rewards of Mobile Technology in Governance Deployment), and mobile internet users are projected to surpass desktop users by 2015. Furthermore, Jon Evans of TechCrunch predicted that in five years most Sub-Saharan Africans will have smartphones and Vodafone recently announced that they will make a high-end low cost smartphone specifically designed for consumers in developing economies. We tweet more than a dozen articles every day on new innovations in mobile tech, from the developing world to higher education. That’s why when we redesigned our website to represent our online identity, we designed it with mobile in mind. This isn’t just on principle; we’ve seen our mobile traffic increase 175% from the same period last year.

2. Because it can save your organization time and money over the long run

There are many ways to approach mobile, and in the end we decided that a responsive design approach made the most sense for our needs. Building a responsive site based off a common codebase limits the hours needed to update code for each mobile platform out there (iOS, Android, Blackberry, Windows Phone 7, and more). While tools exist to streamline these processes and create cross-platform mobile apps, like PhoneGap and Appcelerator, this approach seemed overkill for our site. Furthermore, even if you do develop a native app, with the increase of mobile web use,  your site will be much easier to find, navigate, and utilized by web searchers.

We’re obviously not the first organization to do this (and we’re a little embarrassed it took us this long to catch up), but we are huge believers in the potential for responsive design to broaden reach and shorten development times (over the long run) and we are happy to be a resource for others considering a move in this direction.

3. Because it forces you to re-evaluate your priorities

We decided to take a “mobile first” approach to responsive design, which emphasizes designing for the smallest and most constrained canvas and then building upwards. We felt that this would be a good way to sift through the many pages and multitudes of text on our former site and pull out what was absolutely necessary and most relevant to our users. There are many many reasons to go mobile first, but we found that this process helped clarify our mission and focus.

The last point is that we didn’t do it alone. We read forums, checked ideas, circulated betas, and then asked for feedback from tech communities to help us keep building our model. That’s why we’d like to close with asking you, the reader, for your feedback if/when you get a chance to check out our site — either on a mobile device or otherwise. Also feel free to ask us any questions by emailing info@techchange.org!

After all, any technology is only as powerful as the community that uses it.