Week 22 Cyberattack Digest 2019 – Victoria’s Patients, Canva Graphic Design, Flipboard and others
We hope you have been waiting for our new cyberattack digest 2019 week 22, so here it comes.
Victoria’s patient can be easily accessed
by The Guardian – 29 May, 2019
Healthcare data is one of the most vulnerable and thus desirable for attackers
Recently it has come to light that patient data in Victoria’s public health system could be easily accessed in a system with a plenty of vulnerabilities. The healthcare sector is generally quite vulnerable and prone to cyberattacks with its weak security measures. “Our testing demonstrated that all the audited health services are vulnerable to attacks that could steal or alter patient data,” the auditor general, Andrew Greaves, revealed in a report. Two other reports by Greaves revealed government departments had a low-security level creating “a significant and present risk”.
Also, the control systems of the state’s water providers were found to be exposed to cyberattacks due to the lack of a strategic approach to managing risk.
Canva graphic design website suffers a data leakage
by CISO Mag – 28 May, 2019
The graphic design website Canva experiences a cyberattack last Friday
Malefactors got away with data of approximately 139 million users. Sydney-based Canva found out about the attack on May 24 and immediately started to fix the cause of the leakage. Exposed information consisted of names, email addresses, and salted and hashed passwords. ZDNet revealed that actual customer names and city and country information were accessed as well.
“I download everything up to May 17,” the hacker said to ZDNet. “They detected my breach and closed their database server.” There is no evidence that customer designs and financial information were affected.
Attacked Flipboard has over 150 million visitors per month
by SC Media – 30 May, 2019
Databases belonging to news and social network aggregation service Flipboard was accessed by malefactors who are believed to have stolen copies of some users’ data
“On April 23, 2019, our engineering team identified the unauthorized activity that occurred on April 21-22, 2019. At that time, we were investigating the suspicious activity that occurred on March 23, 2019,” said an online notification posted by Palo Alto, California-based Flipboard.
Flipboard’s services are visited by over a 150 million users per month, and it is still unknown how many users were affected by the breach. Still, the company has confirmed that exposed data contained names, logins, passwords, email addresses and digital tokens. All the exposed passwords that were created after March 14, 2012 have bcrypt protection, but older passwords are protected with SHA-1. Flipboard officials still strongly recommend users to change their credentials.
Luckily, Flipboard does not collect highly sensitive PII like Social Security numbers, government-issued IDs and financial information. “That said, Flipboard was doing something right: not storing passwords in plaintext,” commented Terry Ray, SVP and fellow at Imperva. Hashing and salting makes it “incredibly difficult for attackers to obtain your password.”