Canva website, victim of security breach

Posted date 30/05/2019

Canva, a web site of graphic design and image composition tools, has suffered a security breach that has exposed data from 139 million users. The intrusion was detected on May 24, but it appears that the cybercriminal had been collecting data since at least May 17.

The data collected by the attacker contained both personal and private information, including: username, real name, email, residence information, and password hashes for 61 million users, although they use the bcrypt algorithm. From some users, it also obtained the Google tokens used to register without the need for a password.

Canva has indicated in a press release that they have contacted the affected users and, although in principle they ensure that the password is secure, they recommend changing it.