Canva user data exposed in large scale hack

27 May 2019, Written by David Simmons

Canva user data exposed in large scale hack

Australian design tool Canva has been hacked, exposing sensitive user data.

Yesterday the startup confirmed a number of usernames and email addresses were accessed as part of the hack which occurred on Friday, May 24.

According to Canva, passwords were obtained in their encrypted form, meaning they remain unreadable for external parties.

Nevertheless, the tech startup has recommended users change their passwords as soon as possible.

Those who use Facebook or Google to log in to Canva are also not going to be impacted by the hack as those credentials are encrypted and unreadable by third parties.

READ MORE: Facebook confirms millions of passwords compromised

The company says no designs were accessed as part of the hack and no credit card or payment information was exposed as the company does not store that information.

"As soon as we became aware, Canva immediately took steps to determine the nature and scope of the problem, and alerted law enforcement," says Canva.

"We are working with a forensics team that specializes in these types of attacks and the FBI to diagnose exactly what happened and are putting processes in place to help prevent another attack.

"We are committed to protecting the data and privacy of all of our users and will be implementing every possible safeguard to ensure this doesn't happen again."

READ MORE: Meet the young CEO of a leading international cyber security firm

Canva recently completed a $100 million funding round, valuing the Aussie startup at $3.6 billion. This valuation came just days after it completed the acquisition of stock photo companies Pexels and Pixabay.

The Canva hack follows an expensive data breach of property valuer LandMark White earlier this year.

LandMark White says the breach, which led to the company being suspended from the Big Four bank panels for property valuations, has resulted in a loss of revenue of approximately $5-6 million.

Approximately a further $1 million of revenue is likely to be lost between now and the date of full reinstatement by the remaining financial institutions.

The data breach meant approximately 137,500 unique records and approximately 1,680 supporting documents were accessed, including property valuations and the personal contact information of some borrowers, lenders, homeowners, residents and property agents.

This data remained accessible on the dark web for 10 days.

READ MORE: LandMark White's data breach just the beginning for cyber criminals

Never miss a news update, subscribe here. Follow us on Facebook, LinkedIn, Instagram and Twitter.

Business News Australia

Author: David Simmons





Contact us

Email News Update Sign Up Contact Details

PO Box 1487
Mudgeeraba QLD 4213

LoginTell a FriendSign Up to Newsletter