
Sunday, 05/26/2019 3:18:13 PM

Australian tech unicorn Canva suffers security breach

https://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5cead0b52866ef00011c90a2&utm_medium=trueAnthem&utm_source=twitter

Hacker claims to have stolen the data of 139 million Canva users.

Canva, a Sydney-based startup that's behind the eponymous graphic design service, was hacked earlier today, ZDNet has learned.

Data for roughly 139 million users has been taken during the breach, according to the hacker, who tipped off ZDNet.

Responsible for the breach is a hacker going online as GnosticPlayers. The hacker is infamous. Since February this year, he/she/they has put up for sale on the dark web the data of 932 million users, which he stole from 44 companies from all over the world.

Hack took place this morning

Today, the hacker contacted ZDNet about his latest hack, involving Australian tech unicorn Canva, which he said he breached just hours before, earlier this morning.

"I download everything up to May 17," the hacker said. "They detected my breach and closed their database server."

Stolen data included details such as customer usernames, real names, email addresses, and city & country information, where available.

For 61 million users, password hashes were also present in the database. The passwords were hashed with the bcrypt algorithm, currently considered one of the most secure password-hashing algorithms around.

For other users, the stolen information included Google tokens, which users had used to sign up for the site without setting a password.

Of the total 139 million users, 78 million users had a Gmail address associated with their Canva account.

ZDNet requested a sample of the hacked data, so we could verify the hacker's claims. We received a sample with the data of 18,816 accounts, including the account details for some of the site's staff and admins.

We used this information to contact Canva users, who verified the validity of the data we received. We also contacted the site's administrators, informing them of the breach and requesting an official statement.

"Canva was today made aware of a security breach which enabled access to a number of usernames and email addresses," a Canva spokesperson told ZDNet via email.

"We securely store all of our passwords using the highest standards (individually salted and hashed with bcrypt) and have no evidence that any of our users' credentials have been compromised. As a safeguard, we are encouraging our community to change their passwords as a precaution," the company said.

"We will continue to communicate with our community as we learn more about the situation."
==================================================================
Getting the usernames will help the hackers since the passwords are probably being reused on many other sites and many of those passwords can be found on the Dark Web. So the hashing is not full protection to these users. The hacker would be an unknown device and an unapproved device trying to access the network if Wave VSC 2.0 and Wave ERAS had been used. He/she wouldn't have made it onto the network to obtain all of this data. Wave solutions could prevent a lot of these breaches from happening!!
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card

https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Secure device & user authentication

Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.

Here’s how it works:

Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication

Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.

Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.

With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
Each of the Wave links above has a free trial at the link.

The link below is how to contact Wave for assistance!

https://www.wavesys.com/contact-information