Last month, 2 major data breaches took place, showing how companies are lagging behind in addressing attack vectors. It's high time for companies to take cyber security seriously and act on it.
Stack Overflow, a knowledge-sharing platform for more than 100 million developers, reported a data breach last month.
Another big data breach occurred at Canva, an Australian image creation site with over 10 million active users, which reported that around 139 million users' data had been accessed.
Stack Overflow Data Breach, what exactly happened?
First news of the attacks came on May 15, when Mary Ferguson, VP at Stack Overflow, shared about it on the company's website.
“The intrusion originated on May 5 when a build deployed to the development tier for stackoverflow.com contained a bug, which allowed an attacker to log in to our development tier as well as escalate their access on the production version of stackoverflow.com,” said Mary Ferguson, vice president of engineering.
“This change was quickly identified and we revoked their access network-wide, began investigating the intrusion, and began taking steps to remediate the intrusion,” she said.
“We discovered and investigated the extent of the access and are addressing all known vulnerabilities,” Ferguson said.
“As part of our security procedures to protect sensitive customer data, we maintain separate infrastructure and networks for clients of our Teams, Business, and Enterprise products and we have found no evidence that those systems or customer data were accessed. Our Advertising and Talent businesses were also not impacted by this intrusion.”
Stack Overflow later posted an update saying that its investigation suggests approximately 250 public network users were affected, and that the affected users were notified about it.
Canva’s Data Breach Story
The breach at Australian tech unicorn Canva occurred later in the month, with the attack being detected on May 24th. This was a high-profile hack conducted by an individual or group, GnosticPlayers, who has collected the data of 932 million users from over 40 companies.
In a statement the company said that on 24 May it “became aware of a security incident”.
“As soon as we were notified, we immediately took steps to identify and remedy the cause, and have reported the situation to authorities (including the FBI),” the company said. As the hacker was interrupted in the middle of the attack, he tweeted about it, leaving Canva scrambling to provide information about the attack.
“I download everything up to May 17,” the hacker said. “They detected my breach and closed their database server.”
During the breach, a number of Canva usernames and email addresses were accessed. In addition, the company said that the hackers had obtained encrypted copies of Canva users’ passwords. “The passwords were salted and hashed with bcrypt,” Canva claims.
“This means that our user passwords remain unreadable by external parties,” the company said in its statement. “However, in line with best practices, we recommend that you change your Canva password.”
A web application firewall (WAF) is the best bet against such attacks. A WAF protects web application servers and infrastructure from attacks and breaches originating from the Internet and external networks. Logix has been one of the leading IT companies delivering Email Security from its private cloud infrastructure. Logix is launching a new end-to-end WAF solution to provide a secure environment.