Don’t make hackers famous at your expense
A hacker known as GnosticPlayers has now totaled over 1 billion stolen user credentials from 45 companies, according to ZDNet. Usually, we don’t mention specific hackers in our coverage of data security incidents. For one thing, there often isn’t a clear culprit. Even when there is, however, naming them would hardly stir recognition in most readers’ minds. There have probably been only a couple of times where we named names. It’s hard to avoid once they have achieved a certain level of notoriety, which is often a side motivator for these people, after profit. Indeed, this hacker has stated the 1 billion number as a definite goal.
Their latest target, as revealed yesterday, is Australian startup Canva. Well, I say startup, but Canva is currently one of Australia’s biggest tech firms, sitting comfortably in the Top 200 list as ranked by Alexa website traffic. Large enough to have data on almost 140 million users, which GnosticPlayers pilfered from their database server.
Of all the information stolen—usernames and real names, email addresses, city and country location data—passwords were noticeably safer, thanks to highly secure hashing. Canva clearly had the sense to protect these to a degree you don’t always hear about in these stories. So, when they claim they “securely store all of our passwords using the highest standards,” there’s actually some truth to it. That said, it remains uncertain how the hacker carried out this breach.
Another uncertainty involves the price tags attached to all this data on the dark web. Notoriety might be a nice perk for a cyber criminal, but again, they generally don’t do this without a profit motive. Thus the 500% spike in ransomware this year over last, shows research from MalwareBytes Labs. In the US, local governments have become a prime target. Malicious strains often impact critical municipal operations, as it did in Baltimore a couple of weeks ago. Critical systems, financial records, city workers, even potential homebuyers were severely impacted, with vital information rendered inaccessible; some remain so.
Baltimore is not one of the 17% who pay the ransom, though it means more weeks of chaos and inconvenience. In the meantime, the mayor has introduced temporary measures to circumvent the handicap.
Unfortunately, incidents like these are no longer outliers. You can’t stop cyber criminals from attacking your systems. The only thing you can do is to make sure they’re as well protected as they can possibly be, and prepare optimal contingency plans. Don’t let a hacker make a name for themselves at your expense.