Graphic Design Service Canva Suffers Data Breach Affecting 139 Million Users

  •  
  •  
  •  
  • 2
  •  
  •  
  •  
    2
    Shares

A recent victim of a security incident turns out to be the Australian tech firm Canva. The hacker(s) with alias ‘GnosticPlayers’ claimed the responsibility for the Canva data breach. As claimed, the attacker pilfered information of around 139 million users.

Canva Disclosed Data Breach

Reportedly, the Sydney-based graphic design firm Canva has been the recent victim of a hacking attack. The company confirmed the incident as they put up details on their website and sent email alerts to their users.

Revealing the details about the Canva data breach, the firm disclosed that they identified an ‘in-progress’ attack on their systems on May 24, 2019. Investigating the matter further revealed that the attacker accessed users’ email addresses, usernames, and bcrypt hashed passwords.

While their notice didn’t mention a specific number of affected users, the attacker has claimed to have the data for 139 million users. According to ZDNet, the attacker ‘GnosticPlayers’ contacted them and claimed to have stolen the data.

I download everything up to May 17. They detected my breach and closed their database server.

Besides, regarding the kind of information he got, ZDNet stated,

Stolen data included details such as customer usernames, real names, email addresses, and city & country information, where available. For 61 million users, password hashes were also present in the database… For other users, the stolen information included Google tokens.

Investigations Continue

Following the discovery of the incident, Canva took steps to contain the attack. They also acted quickly to inform users, as they notified them of an ‘in-progress’ attack. Nonetheless, the content of the emails, particularly the initial lines, failed to deliver the message. It appeared more of a promotional email rather than a security notice. Nonetheless, they also sent emails with modified text to some users depicting a rather clearer message. They also notified via their Twitter account:

They also assured they have involved relevant security agencies to investigate the matter.

We are working with a forensics team that specializes in these types of attacks and the FBI to diagnose exactly what happened and are putting processes in place to help prevent another attack.

In addition, as a security precaution, they advise users to change their Canva passwords.

Take your time to comment on this article.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!