Australia-based design service company Canva has reportedly suffered a data breach over the weekend. According to reports, the information of over 130 million Canva users was stolen in the incident.
In a statement addressed to its users, the company confirmed that the attack happened last Saturday and that the hacker was able to access and download Canva usernames and email addresses.
The attacker also stole around 60 million account passwords. Fortunately, they were in encrypted form, making them unreadable to any third party entities.
Canva added:
If you use Facebook or Google to log into Canva, rest assured those credentials are also encrypted and unreadable by external parties, so you do not have to change your password on Facebook or Google.
Stealing Information of Canva Users
A report from ZDNet said that the hacker responsible for taking the data of Canva users is online as GnosticPlayers. The attacker rose to fame early this year for posting the data of more than 900 million people on the dark web, which he/she claimed to have stolen from 44 companies around the world.
The attacker allegedly contacted ZDNet and boasted about his/her latest hacking victim: Canva. According to the attacker, they were only able to “download everything up to May 17” because Canva detected the attack and secured the database.
Aside from usernames and emails, the other stolen information in the database included real names together with their city and country data. While the passwords were said to be salted and hashed, Canva is still encouraging users to change their passwords immediately.
The identity of the attacker remains unknown, but Canva assures its users that the company has already taken the necessary actions to secure all user accounts. At the moment, the Australian firm is working closely with law enforcement agencies to track the culprit.
Comments (0)
Most Recent