Exploit: Unauthorized Systems Access
Canva – Digital Design Platform
Risk to Small Business: 1.667 = Severe
Digital design powerhouse Canva found itself in hot water this week as hackers accessed the platform and used it to facilitate spear phishing attacks. Canva unwittingly provided phishing campaigns with graphics that then made the threat actors’ attacks appear more legitimate to facilitate pilfering credentials through social engineering trickery. The problem was first noted in February but has accelerated since. The hack may be related to a significant May 2019 data breach that Canva has not confirmed but was widely reported.
Individual Risk: 2.776 = Moderate
At this time, Experian is not reporting that any sensitive financial or personal data was stolen, but this is an incident that could have long-reaching implications for South African consumers and businesses, and there is no guarantee that PII or financial data wasn’t compromised. Consumers and businesses should use caution in communications around financial topics and be alert for fraud, identity theft or spear phishing attempts
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Information that is stolen in a breach can end up on the Dark Web and reverberate for years. That data can be used in many ways by cybercriminals to capitalize on the results of cybercrime in phishing attacks, credential stuffing, and more.