Canva 2019 data breach
==Incident==
The attack was attributed to a threat actor known as GnosticPlayers. [https://www.sophos.com/en-us/blog/millions-of-canva-users-data-stolen-as-gnosticplayers-strikes-again] The group claimed to have exfiltrated the data and offered it for sale on data-breach forums; the motive was financial gain. The underlying cause has been described as credential stuffing and credential cracking. [https://ieeexplore.ieee.org/document/9799087] Passwords were stored as salted bcrypt hashes. Bcrypt is a one-way function, so the hashes were not decrypted; some of them were later cracked by guessing weak passwords and re-hashing the guesses against the leaked records.
The data exfiltrated in the breach included email addresses, real names, cities and countries of residence, public profile data, and bcrypt password hashes for a subset of users (those who authenticated directly with a Canva password rather than through an external login provider). Payment data was not accessed.
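To make concrete why a leaked bcrypt hash is cracked rather than decrypted, the following is an added example and not Canva's code or code from any cited source. Python's standard library has no bcrypt, so PBKDF2-HMAC-SHA256 from hashlib stands in for it (both are salted, deliberately slow, and irreversible); the stored-record format, the account records and the wordlist are constructed for the example.

```python
"""Added illustration (not Canva's code): why a leaked bcrypt hash is
cracked by guessing rather than decrypted.

Python's standard library ships no bcrypt, so PBKDF2-HMAC-SHA256 (hashlib)
stands in for it here. Both schemes are salted and deliberately slow, and
neither is reversible: the only way from a stored hash back to a password is
to guess candidates and re-hash each one with the stored salt.
"""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 20_000  # work factor; the analogue of bcrypt's cost parameter


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Store as 'iterations$salt_hex$digest_hex'. This record format is an
    assumption for the example; real bcrypt uses a '$2b$cost$...' string."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and cost, compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_sample_dump() -> dict:
    """Constructed leaked-records sample: two accounts with weak passwords that
    appear in common wordlists, one with a strong passphrase."""
    return {
        "alice@example.com": hash_password("password123"),
        "bob@example.com": hash_password("canva2019"),
        "carol@example.com": hash_password("correct-horse-battery-staple-9x!Q"),
    }


# Constructed wordlist standing in for a real leaked-password list.
WORDLIST = ["123456", "password", "password123", "qwerty", "canva2019"]


def crack_dump(dump: dict, wordlist: list) -> dict:
    """Offline dictionary attack: for each leaked record try every candidate.
    Returns {email: recovered_password_or_None}. Every guess costs a full
    PBKDF2/bcrypt derivation, and the per-user salt means work cannot be
    shared across users, so only passwords present in the wordlist fall."""
    results = {}
    for email, stored in dump.items():
        results[email] = None
        for candidate in wordlist:
            if verify_password(candidate, stored):
                results[email] = candidate
                break
    return results


def salt_defeats_precomputation(password: str) -> bool:
    """Two users with the same password get different stored hashes, yet both
    verify: a table precomputed for one record is useless against the other."""
    a, b = hash_password(password), hash_password(password)
    return a != b and verify_password(password, a) and verify_password(password, b)


if __name__ == "__main__":
    dump = build_sample_dump()
    for email, pw in crack_dump(dump, WORDLIST).items():
        print(f"{email}: {'cracked -> ' + pw if pw else 'not in wordlist'}")
```

The practical lesson matches the page's statement: the hash itself gives the attacker nothing, but any account whose password is in a common wordlist is recovered with a handful of guesses, which is why a forced reset and MFA, rather than reliance on the hash alone, are the appropriate response.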
===Canva's response===
On May 25, 2019, Canva notified users by email and through in-app alerts and prompted them to reset their passwords. To improve security after the breach, Canva introduced multi-factor authentication (MFA), additional security measures that were not specified, and regular security audits.[https://www.huntress.com/threat-library/data-breach/canva-data-breach]
==Lawsuit==