![]() Working closely with leading cyber security consultancy, Mandiant and other partners, we’ve identified the extent of the attack and the causes of it, and made changes to our systems to build an additional layer of protection for our users. Since the incident, we’ve introduced a number of internal changes to protect your data. To help all our users avoid this risk, we’ve partnered with 1Password to offer one year of free access to their password manager service, as well as implemented stronger password checks within Canva. So to protect our users on Canva, and elsewhere, we’ve requested all our users to change their passwords on Canva, and anywhere else they’ve used the same password. The way we store passwords makes password guessing incredibly difficult but it’s not impossible, and it’s easier if you have easy-to-guess passwords, such as password1, 123456! or Alex1997. For non-technical users, this is like a super-secure one-way door that converts your password into something that is incredibly hard to convert back into the original password, even with the strongest computers. What was accessed was individually salted and bcrypt-hashed passwords. The HIBP notification has led some users to ask if their passwords were compromised. As part of our incident response, one of the first things we did was to try to contact affected users via email and through in-app alerts. ![]() The content of these notifications are accurate, and we’re grateful to HIBP and Firefox Monitor for the service they provide to the community.įor some people with Canva accounts it appears that this security notification has come as a surprise. You can read more about the attack, how we responded, and what we did (see notes below, dated June 1, 10:13 AEST). Some of our users have recently been notified by (HIBP) and Firefox Monitor of a security breach that occurred on the 24th May 2019. Sebastian Welsh ( Head of Security, Canva) We apologize for any inconvenience caused, and thank you for your continued support and cooperation. Users without valid email addresses will need to use the manual recovery procedure. Users with a valid recovery address will be able to recover passwords using the regular password reset procedure. Make sure you use a safe and secure password that has not been used on other sites or accounts before.Use a password manager to manage all your Internet passwords. ![]() Create hard to guess passwords with a combination of letters (upper and lower case, numbers and special characters).We are taking this precaution to protect your Canva account.įollow our password guidelines here. Please note that if your password has been reset, it does not mean that your account has been accessed by attackers. Affected users will be required to set a new password to continue using Canva. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |