Over the weekend of May 24, Canva, a popular design tool for non-designers, suffered a data breach that exposed the data of 139 million users. This included full names, email addresses, city and country of residence, and passwords.
The attack was conducted using a “password spraying” technique. This technique is a type of brute-force attack that involves trying different passwords on multiple accounts until one is successful. It is an effective attack method because it is difficult to detect and easy to execute.
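To show why this pattern is hard to detect, the following added example (not from Canva or the original article) runs two checks over constructed login log lines: a per-account failure counter, which stays silent, and a per-source count of distinct accounts, which flags the activity. The log format, thresholds, addresses and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<timestamp> <source> <username> <result>".
# One source fails once against six accounts; another user mistypes twice.
SAMPLE = [f"2024-01-01T10:0{i}:00 203.0.113.7 {u} FAIL"
          for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
SAMPLE += ["2024-01-01T10:01:10 198.51.100.20 grace FAIL",
           "2024-01-01T10:01:25 198.51.100.20 grace FAIL",
           "2024-01-01T10:01:40 198.51.100.20 grace OK"]

def parse(line):
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result

def locked_accounts(lines, threshold=5):
    """Per-account view: accounts with at least `threshold` failed logins."""
    fails = defaultdict(int)
    for line in lines:
        _, _, user, result = parse(line)
        if result == "FAIL":
            fails[user] += 1
    return {u for u, n in fails.items() if n >= threshold}

def spraying_sources(lines, window_minutes=10, min_accounts=5):
    """Per-source view: sources whose failures hit at least `min_accounts`
    distinct usernames inside one sliding time window."""
    window = timedelta(minutes=window_minutes)
    by_src = defaultdict(list)
    for line in lines:
        ts, src, user, result = parse(line)
        if result == "FAIL":
            by_src[src].append((ts, user))
    flagged = set()
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({u for _, u in events[start:end + 1]}) >= min_accounts:
                flagged.add(src)
                break
    return flagged

if __name__ == "__main__":
    print("locked accounts:", locked_accounts(SAMPLE))
    print("spraying sources:", spraying_sources(SAMPLE))
```

Each account sees only one failure, so nothing trips the per-account threshold, while the per-source view reports the single address that touched six accounts.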
The Canva attack occurred when hackers used automated tools to attempt thousands of different combinations of usernames and passwords. The hackers were able to gain access to the company’s database by successfully guessing some users’ passwords. The attackers then used their access to the database to obtain user data such as emails and passwords.
In response to the attack, Canva has implemented additional security measures such as two-factor authentication, password reset notifications, and increased password complexity requirements. They have also set up an Incident Response Team that is monitoring activity on the platform and responding quickly to any suspicious activity.
Canva has also encouraged users who may have been affected by the breach to change their passwords immediately and take extra steps to protect their accounts such as enabling two-factor authentication or using a password manager.
The Canva attack highlights the importance of using strong passwords and implementing security measures such as two-factor authentication for online accounts. Companies should also ensure that they have adequate security measures in place to protect user data from attackers who may try similar brute-force techniques in the future.
Conclusion: The Canva attack was conducted using a “password spraying” technique which involved trying different combinations of usernames and passwords until one was successful. In response to the attack, Canva has implemented additional security measures such as two-factor authentication, password reset notifications and increased password complexity requirements. It serves as an important reminder for everyone – both individuals and companies – about the need for strong passwords and effective security measures in order to protect user data from future attacks.