Data breach in Canva; over 100 million users were affected

Web application security testing specialists reported a data breach incident in Canva, a web design platform developed in Australia; a malicious actor claims to have compromised the security of the platform to steal information belonging to about 139 million users.

According to the reports, the extracted information includes:

  • Users’ full names
  • Website usernames
  • Email addresses
  • Users’ country and city of residence

Although a data breach is never good news, not everything is lost for Canva: the users’ passwords were protected with an algorithm known as Bcrypt, which, according to web application security testing specialists, is almost impossible to decrypt.

The first person to talk about the incident was the hacker himself, known under the pseudonym ‘GnosticPlayers’, the same threat actor who in recent months claimed to have stolen data from millions of people through multiple compromised websites. The hacker reportedly contacted some specialists to inform them of his crime.

Subsequently, a representative of Canva acknowledged that the company had suffered a security breach that allowed unauthorized access to various personal details of users, such as username and email address.

Through a statement, Canva mentioned: “All passwords of our users are stored safely, because we adhere to the highest standards of information protection. However, we will continue to monitor the situation as an additional security measure”.

Web application security testing experts recommend that Canva users reset their password; anyone who uses the same password on other platforms should change it on those websites as well. Canva users can also access the platform through their Facebook or Google accounts; the passwords of these platforms are not part of the list of data compromised by the hacker.

According to the specialists from the International Institute of Cyber Security (IICS), Bcrypt is a password hashing algorithm designed to hinder the work of hackers; in addition, each Canva user password has additional random characters that make it harder for hackers to decrypt them.
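
The following Python example is added here and is not code from Canva, IICS or the original report. It audits stored Bcrypt strings by reading the cost factor and the per-password salt (the "additional random characters") from each record, then flags low cost, reused salts and values that are not Bcrypt at all. The sample records and the minimum cost of 12 are assumptions constructed for the example.

```python
import re
from collections import Counter

# bcrypt string layout: $<version>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

def parse_bcrypt(stored):
    """Split a stored bcrypt string into its fields; None if malformed."""
    m = BCRYPT_RE.match(stored)
    if not m:
        return None
    version, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:  # cost range bcrypt accepts
        return None
    return {"version": version, "cost": int(cost), "salt": salt, "digest": digest}

def audit(records, min_cost=12):  # min_cost: assumed policy value
    """Return (user, finding) pairs for a {user: stored_hash} mapping."""
    parsed = {user: parse_bcrypt(h) for user, h in records.items()}
    salt_use = Counter(p["salt"] for p in parsed.values() if p)
    findings = []
    for user, p in parsed.items():
        if p is None:
            findings.append((user, "not a bcrypt hash"))
            continue
        if p["cost"] < min_cost:
            findings.append((user, f"cost {p['cost']} below minimum {min_cost}"))
        if salt_use[p["salt"]] > 1:  # a salt must be unique per password
            findings.append((user, "salt shared with another account"))
    return findings

# Constructed sample records: valid in shape only, not hashes of real passwords.
SAMPLE = {
    "alice": "$2b$12$" + "A" * 21 + "u" + "x" * 31,
    "bob":   "$2b$12$" + "B" * 21 + "e" + "y" * 31,
    "carol": "$2a$08$" + "C" * 21 + "O" + "z" * 31,  # low cost factor
    "dave":  "$2b$12$" + "A" * 21 + "u" + "w" * 31,  # same salt as alice
    "erin":  "d" * 32,                                # unsalted hex digest
}

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```

Each doubling of the work the server does per login corresponds to raising the cost factor by one, so the cost field read here is the setting that determines how expensive offline guessing against a stolen table becomes.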
