Canva Data Breach 2019

Canva Data Breach

Canva
Date: May 24, 2019
Number of records breached: 139 million

Information exposed: The largest category of information accessed during this hack was Personal information that reportedly compromised the data of approximately 139 million users. Hackers stole personal information of over 100 million of its users including their names, email addresses and encrypted passwords.Exposed data included usernames, email addresses, and encrypted passwords, which were salted and hashed with the bcrypt algorithm. Actual customer names and city and country information were also accessed.“I download everything up to May 17,” the hacker reportedly said. “They detected my breach and closed their database server.” The report identifies the culprit. No credit card account numbers or Design credentials were compromised Canva team announced. Canva also said it is engaging with both forensic experts and law enforcement authorities, including the FBI..

Description: This data breach ranks as one of the biggest in history. A hacker named Gnosticplayers, that so far this year has attempted to hawk the stolen data of nearly one billion online accounts, via a dark web marketplace.

According to Canva, Gnosticplayers completed his hack on May 24, 2019. The stolen information included Google tokens, which users had used to sign up for the site without setting a password.

The data breach has been a costly one. Of the total 139 million users, 78 million users had a Gmail address associated with their Canva account. One expected to suffer from $100 million to $150 million in costs related to the hack. “Our teams have been working around the clock to investigate the attack and communicate with our customers,” the company statement reads. “We are continuing to investigate and are being thorough and methodical with our examinations in order to understand all aspects of the incident and provide the best advice to our customers.”