Hacker Who Previously Sold Stolen Data Online Claimed Responsibility Over Canva Breach

139 million users' data were taken by GnosticPlayers, the hacker who previously sold stolen data online, from Canva.139 million accounts stolen from Canva. Photo: Daniel Oprea | Creative Commons | CC BY-NC 4.0

The series of cyber attacks launched by the hacker who claimed to have infiltrated systems in the past and selling it to the black market continues as the said hacker have also confirmed that he was able to hack into Australian online photo editing company, Canva, and successfully gaining access to private data of users.

One hundred thirty-nine users were allegedly affected by the data breach with their personal information, including real names, usernames, email addresses and city and the hacker has taken country information. The cybercriminal identified himself as GnosticPlayers, who previously have done the same thing in four batches and sold the data he was able to hack in the black market.

Email passwords were salted and hashed using the Bcrypt algorithm and were almost impossible to reverse. Luckily other information like dates of birth and street addresses do not seem to have been part of the compromised data.

Experts suggest that if you signed up for Canva using your email and a password, you should immediately change the password in all accounts where the same password was used. However, since the online editing platform allows users to sign up using their Facebook or Gmail accounts, there is no evidence that these accounts were at all compromised.

The hacker, GnosticPlayers, contacted security reported, Catalin Cimpanu, who immediately informed Canva and “made [them] aware of a security breach which enabled access to several usernames and email addresses.”

“We securely store all of our passwords using the highest standards (individually salted and hashed with Bcrypt) and have no evidence that any of our users’ credentials have been compromised,” the company reportedly said. “As a safeguard, we are encouraging our community to change their passwords as a precaution.”

“Bcrypt is a strong and slow password-hashing algorithm that was designed to be difficult and time-consuming for a “cracker” to reverse. (Hashing is one-way encryption for items that are not meant to be decrypted.) Each password was “salted” with additional random data to make hash-cracking even more difficult,” said Paul Wagenseil is a senior editor at Tom’s Guide focused on security and privacy.

GnosticPlayers has previously put up for sale the data from six different companies, totaling to 26.42 million user data and records, for which he is exchanging to anyone who can pay him/they with 1.2431 bitcoin ($4,940.00).

Since February 11, the hacker/group has put up data for sale of more than 32 companies on Dream Market, a dark web marketplace. On March, the hacker published a new batch of files from six new companies such as the game dev platform, GameSalad, Brazilian book store, Estante Virtual, online task manager and scheduling apps, Coubic and LifeBear, Indonesia e-commerce giant Bukalapak, and Indonesian student career site, YouthManual.

The data from the popular game development platform, GameSalad, that was hacked last February 2019 includes email addresses, passwords (SHA1/SHA256), username, and IP addresses of users. Similarly, the Brazilian book shop, Estante Virtual includes names, username, passwords (SHA1), address, emails, and phone number. Likewise, the hacker/s is/are also selling data from Coubic, scheduling software that includes name, email, and passwords, as well as from LifeBear, a Japanese scheduling app. Furthermore, the hacked data from Bualapak, an Indonesian e-commerce website that was hacked since July 2017 that includes usernames, names, email addresses, password hashes (SHA512+salt), shopping details, and IP address. Lastly, the on-sale data also include hacked names, emails, password hashes, hobbies, and education details of users from the Indonesian youth and career site, YouthManual.

Many of the companies that Gnosticplayers put up for sale in the previous rounds of the auction have already reported and confirmed that their servers had been breached and data have been taken. Coubic, the scheduling software whose hacked data are included in the latest round of hacked data sale have said that their company is already investigating the supposed incident.

According to the hacker/s, the main reason that the data are on sale right now is that the said companies have failed to protect their data and passwords with robust encryption algorithms like Bcrypt.

“I get upset because I feel no one is learning,” the hacker said to Catalyn Cimpanu, ZDNet’s tech correspondent, through an online chat today. “I just felt upset at this particular moment because seeing this lack of security in 2019 is making me angry.”

About the Author

Al Restar
A consumer tech and cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama. I also own a cybersecurity blog called Zero Day.

Be the first to comment on "Hacker Who Previously Sold Stolen Data Online Claimed Responsibility Over Canva Breach"

Leave a comment

Your email address will not be published.


*