Canva Data Breach Affecting Millions of Users
Threat Blog: 2
Many small marketing teams and designers use, or are at least familiar with, the creative program Canva. It is known to provide a wide range of free (or low-cost) creative tools and designs, but with the stock photo services of Pexels and Pixabay, Canva has recently been working to offer even more resources to their users.
Just over a week ago, on May 24, 2019, Canva’s database was compromised in a cyberattack that is believed to have affected up to 139 million users. The attackers, who go by the alias GnosticPlayers, were able to get usernames and email addresses. Recently, GnosticPlayers revealed even more details over the data breach. They said that they had downloaded all of Canva’s user’s information that was stored in their database starting from May 17. They also revealed that on top of obtaining usernames and email addresses, they were able to get the customer’s real names and city and country information.
Luckily, it looks like user’s designs have been left untouched. Since Canva doesn’t store or hold onto any credit card information, it’s believed that information hasn’t been compromised as well. And for those that log into their account by using Facebook or Google, they shouldn’t have been affected by the breach at all.
Canva has been working fast to make sure all necessary steps were taken to solve the issue. They even offer even more details about the cyberattack on their support page. Canva insists that even if any passwords were stolen, they are unreadable by third parties, since they were salted and hashed with bcrypt. However, as a precaution, they still suggest you reset your password on your account. Always better to be safe than sorry!