Question

Find an example online of a cyber attack or breach that has happened within the past 3 years. Provide the link and summarize what you found. What type of threat was represented in this example? Why/how do you feel this occurred? What could have been done differently to protect against this threat?

Answer 1

We will discuss about one of the biggest data breach that occured 1 year ago, It was a data breach that resulted in a threat to about 130+ million user accounts.

Canva, is a australian startup company, that provides graphic design services.It was founded in 2012, it one of the famous graphic designer companies, and provided services like, building websites, creating logos for its users.

In may 2019, this company suffered an attack, that revealed,about 130+ million user informations such as, email addresses, usernames, user location, passwords of accounts.

The hacker, was anonymously named as Gnosticplayers, The hacker managed to contact a technology news channel, and said that, he/she had claimed more than 130+million user account details, of canva company, of that over 60 million users account were google accounts. This hacker also told that he had put those details for sale into the darkweb.

Canva said the hackers were able to only view the details, but was unable to steal files with credit card and payment informations.

However,resulting to this attack, Canva company had to shut down their database, it also prompted its users to change their passwords immediately,and they had a list of approximately 4 million canva accounts containg stolen information and later decrypted, to notify users for unchanged passwords.This attack took place 3 days after the company announced it raised $70 million in a series D funding.

In this example, the threat was directly affecting the users itself, it also affected the credibility of the company.

If we analyse deeply into the case, I feel that the main reason for this attack was the insecure database, and the company did not follow any strategy to safeguard passwords, like most of the other organistions. And the database were accumulated with many quantity of information. If the company had identified the risk earlier, and suggested its users to change their passwords frequently, the whole data breach would not be possible. The company should also had to conduct regular test on database, and delete unneccessary storage

HOPE THIS HELPED, DON'T FORGET TO LIKE :-).