data breach

Users of popular graphic design company Canva have been exposed to a data breach. The cyber attack was by the same hacker responsible for the recent Zynga games attack Gnosticplayers, who earlier this year put the credentials of 620 million accounts from 16 websites up for sale. Canva is advising users to change their login password after the company’s database was reportedly compromised in the hacking attack.

The attack targeted usernames and email addresses, affecting up to 139 million users globally. Passwords were also obtained, but Canva assured users that passwords have been “salted and hashed with bcrypt,” meaning they remain unreadable by third parties. The platform recommends that users change their passwords as a precaution.

Canva is known to provide a wide range of free (or low-cost) creative tools and stock designs, making it an attractive platform for small marketing teams and novice designers.  Those who use (or have used) Canva should be wary of the security breach and change passwords before diving back in.

  • Canva said there is currently no indication that user designs were stolen by the hackers, and that credit card details remain safe and “confidential.”
  • Those using Facebook or Google to login to Canva were reportedly not affected by the breach.

If you use Canva, you can check on a site called Have I Been Pwned:  https://haveibeenpwned.com/ enter your login email, and this will show if your account has been compromised in a data breach. If the breach that you are pwned in occurred after the GDPR regulation came into force on the 25th of May 2018, you may be entitled to compensation and you should seek legal advice regarding this.