

Canv.as AWS account hacked - nathancahill

Canvasaurs,<p>We were recently made aware of a security breach that affected all of our servers hosted with Amazon, which includes the ones that previously hosted Canvas. The person(s) used our account to order hundreds of expensive servers, likely to mine Bitcoin or other cryptocurrencies. When we detected this activity, we immediately locked down the account.<p>Unfortunately we have no way of knowing what, if any, information was accessed by the attacker(s). It&#x27;s possible they only used our account to order servers, however it&#x27;s also possible they accessed our database, and thus user e-mail addresses, encrypted passwords, and other information.<p>We&#x27;d suggest you consider changing your e-mail account password, and the passwords of any services you connected with Canvas. Although Canvas account passwords were encrypted in our database using a modern, secure method called bcrypt, it&#x27;s better to be safe than sorry. To reiterate, we found no evidence of an attack targeting Canvas or its users directly, but since we&#x27;re unable to conduct a thorough investigation, we can&#x27;t know for sure what was accessed.<p>We&#x27;re extremely sorry this happened, and will do our best to ensure no further breaches occur.<p>- Team Canvas
======
jfrisby
Strongly suggest a service like Cloudability to help find out about such
things as soon as possible...

------
eevilspock
So why would I have to change my email account password? What does it have to
do with Canvas? My Canvas password is unique.

