Canva Hacked Featured Image
Tech News

Canva Hacked – 139 million users’ data stolen by the Hacker
Hacker claims to have stolen about 139 million users’ data including Passwords and Google Tokens

If you’re a graphic designer, you must know about Canva. That awesome graphics design service to save a lot of your time. The website with an easy interface and numerous templates. But here is bad news for you and every Canva user. Canva gets hacked yesterday. The hacker claims to access millions of users’ data. Canva has officially confirmed the news. The Australian tech company is a well-known service for graphic design. The website and its smartphone application offer quick graphics design solutions. It provides services like web design, logos, and many other graphic design works.

Canva Hacked – 139 million users’ data stolen by the Hacker:

The hack was firstly reported by the hacker himself to ZDNet. Hacker claims that he has stolen about 139 million users’ data. According to ZDNET, the hacker named GnosticPlayers contacted them on Friday morning. He told ZDNet:

“I download everything up to May 17. They detected my breach and closed their database server.”

The stolen data includes various assets like usernames, emails, location info, etc. Not only these but also over 61 million passwords get breached. According to Canva’s Status, the passwords were encrypted via a salted bcrypt hash. Other breached information contains Google tokens. These tokens let users to login without password. 78 Million users’ Gmail connected to the Canva. As proof, the hacker sent data of 18000 users including site staff to ZDNET.

Read About: Top 5 Apps For Graphic Designing

POC of Canva Hacked
POC of Canva Hacked

Canva fixed the issue right after the attack:

Canva was aware of the breach on time and they took security measures immediately. The Tech unicorn Canva spokesperson told ZDNet that Canva came to know about the breach on time. The technical personnel turned down the servers. And the team took immediate actions to tackle the breach. But the hacker was able to access a number of usernames and email addresses. He further added, the hacker also got access to passwords. But we store passwords in secure encryption. Canva uses salted bcrypt hashes to encrypt the passwords. Also, no such evidence was found of users’ credentials got compromised.

Solution for infected users of Canva breach:

As a safeguard, Canva asked the users to change their passwords as a precaution. Furthermore, Canva also posted on its status blog. Moreover, a notification for changing passwords popped up to every user. Another news comes from Canva status blog is about downloads. Users were unable to download their projects. I am also a Canva user. I visited the site to download one of my projects. But I wasn’t able to download it. But later on, the technical team fixed that issue.

Canva Status Screenshot
Canva Status Screenshot

About the Hacker who hacked Canva:

The hacker is infamous for some other big data breaches also. The GnosticPlayers also hacked 44 companies worldwide since February 2019. Furthermore, he sold data 932 million users of these companies on the dark web too. Which is now 1.07 billion users’ data after Canva hacked.

Summary
Canva Hacked - 139 million users’ data stolen by the Hacker
Article Name
Canva Hacked - 139 million users’ data stolen by the Hacker
Description
The famous graphic design website Canva got hacked. Hacker claims to have stolen about 139 million users’ data including Passwords and Google Tokens.
Author
Publisher Name
Sprotechs
Publisher Logo
Shehriar Ahmad
Shehriar Ahmad Awan is the Co-founder of Sprotechs InfoSec. He's a Cybersecurity researcher, Penetration tester and Developer for Sprotechs team.
https://sprotechs.com