StackOverflow and Canva, two popular sites, were attacked by hackers, and the attack vectors are not covered. StackOverflow, a developer-centric site, reported last month that a data breach occurred on May 11th. Canva, an Australian image creation site, which has over 10 million active users, reported that around 139 million users’ data had been accessed.
STORY BEHIND THE DATA BREACH IN StackOverflow
The breach was brought to light by the site on May 15th, when Mary Ferguson, the VP of Engineering at Stack Overflow, released a blog post informing users of the breach. It was called an ‘attack’ which resulted in malicious parties gaining access to the production environment of StackOverflow. The production environment is the main system for front-end and back-end data.
On May 5th, a bug was pushed to the development tier for the site. This bug allowed the attacker to log in to the development layer and escalate their privileges. From May 5th to 11th, the hacker explored the site. The attacker then attacked the production environment and granted themselves privileged access. The hackers were identified, however, and their access was revoked. The company stated that the data that could have been compromised includes IP addresses, names or emails for a small number of users. 184 public network users were affected and were notified of the issue.
The company has now terminated the unauthorised access, fixed the bug and hired a third-party forensics firm to identify further issues.
WHAT HAPPENED WITH CANVA?
The company's data was breached last month, and the attack by the hackers was detected on May 24th. The attackers have already collected the data of 932 million users from over 40 companies.
After the attack was detected, the company locked down the site, and the hacker was interrupted in the middle of the attack. The data of 139 million users, such as usernames, names, email addresses, country and user-supplied data about their location, was compromised. For users signed in via Google, the OAuth tokens required for logging in were said to be compromised. The hacker stated: “I download everything up to May 17. They detected my breach and closed their database server.”
All of the passwords were hashed, and the OAuth tokens used for the Google login were also encrypted with AES128.
The company has partnered with 1Password and offered one free year of the service to Canva users. They also released a blog post on what users can do to protect themselves from further attacks through phishing.
The sites were ready for such attacks, and the security measures they had prepared, such as salting passwords and maintaining discrete databases, were also instrumental in reducing the damage done by this type of attack.
Even though Canva lost a lot of user data in the breach, they actively informed users and provided steps to protect against further attacks. This will be helpful for someone who is not well-versed in cybersecurity practices. These breaches can be handled better and more easily.