Your online identity truly is one of the most valuable things online, and in previous articles we explored what it is, what it is worth and how to protect it. Including being careful about which websites you can trust.
The unfortunate truth is that even the most trustworthy websites can be vulnerable to attack. When they are attacked, your information may be at risk.
What is a data breach?
Regardless of whether it scares you, a data breach is just when your data is accessed by someone who shouldn’t. Even if someone just left your information on a printer.
Luckily it’s harder for someone to get it from websites we trust and use. Especially if you’re using the tips we touched on on how to protect your online identity?.
Case Study: Canva
Canva is an online design and publishing tool with a mission to empower everyone in the world to design anything and publish anywhere. They are very successful and even we use their tools to produce content to support our mission.
On the 24th of May 2019 Canva suffered an attack which they were able to interrupt. They have also been incredibly helpful in updates as they have become available, while proactively protecting and supporting their users.
According to haveibeenpwnded.com 137,272,116 accounts were comprimised.
This information was later confirmed by Canva themselves.
What was the damage?
Canva released information on the 1st of June 2019 to their users about the information the attackers had accessed, which we’ve summarised below.
- Accessed information from (Canva’s) profile database for up to 139 million users…(Including) usernames, names, email addresses, country, and optionally, user-supplied data about their city and/or homepage URL which was available through their public profile.
- They accessed cryptographically protected passwords (Canva has used industry standard techniques to make any stolen passwords un-readable)
- They claimed to have obtained…login tokens which could allow them to access accounts of users who signed in via Google. (Canva has no evidence of this and separates the information required to prevent them from being able to use this information)
- They briefly viewed files with partial credit card and payment data. (Canva has no evidence this information was stolen and never stores full credit card information. Which means any information stolen wouldn’t be able to be used to charge these credit cards)
What we can learn from Canva
In the wake of this attack, Canva has released some really helpful advice you can start using today:
- Change your password: Changing your password when there is a breach and on websites you use the same password makes their information useless
- Report suspicious emails: Flagging any suspicious emails supports your email provider to find and helps block these messages for others
- Use a password manager: Password managers are apps which makes it easier to create strong unique passwords for every site. The best part is they remember your password so you don’t have to
- Update your contact details: Updating your contact details ensures these websites can contact you about breaches when they happen and the best way to protect yourself when they happen
Final Thoughts
Where there is a will there is a way, and attackers are constantly trying to find ways to penetrate your defences. Even Canva who has demonstrated their dedication in protecting their users have fallen prey.
The strategies they have used to proactively prevent data breaches and their effect are very commendable. Especially the way they have handled this breach, demonstrating they’re truly a brand you can trust.
Next week I will be exploring how you can discover if an account of yours is discovered to be compromised. Combined with the latest advice on how to protect yourself and the easiest way to implement it.
Remember you’re the best person to protect yourself,
Peter Harvey