Canva user data exposed in large scale hack
Written on the 27 May 2019 by David Simmons
Australian design tool Canva has been hacked, exposing sensitive user data.
Yesterday the startup confirmed a number of usernames and email addresses were accessed as part of the hack which occurred on Friday, May 24.
According to Canva, passwords were obtained in their encrypted form, meaning they remain unreadable for external parties.
Nevertheless, the tech startup has recommended users change their passwords as soon as possible.
Those who use Facebook or Google to log in to Canva are also not going to be impacted by the hack as those credentials are encrypted and unreadable by third parties.
The company says no designs were accessed as part of the hack and no credit card or payment information was exposed as the company does not store that information.
"As soon as we became aware, Canva immediately took steps to determine the nature and scope of the problem, and alerted law enforcement," says Canva.
"We are working with a forensics team that specializes in these types of attacks and the FBI to diagnose exactly what happened and are putting processes in place to help prevent another attack.
"We are committed to protecting the data and privacy of all of our users and will be implementing every possible safeguard to ensure this doesn't happen again."
Canva recently completed a $100 million funding round, valuing the Aussie startup at $3.6 billion. This valuation came just days after it completed the acquisition of stock photo companies Pexels and Pixabay.
The Canva hack follows an expensive data breach of property valuer LandMark White earlier this year.
LandMark White says the breach, which led to the company being suspended from the Big Four bank panels for property valuations, has resulted in a loss of revenue of approximately $5-6 million.
Approximately a further $1 million of revenue is likely to be lost between now and the date of full reinstatement by the remaining financial institutions.
The data breach meant approximately 137,500 unique records and approximately 1,680 supporting documents were accessed, including property valuations and the personal contact information of some borrowers, lenders, homeowners, residents and property agents.
This data remained accessible on the dark web for 10 days.
Business News Australia
Author: David Simmons