Cyber Attack on Canva leaks passwords

Canva, an online tool which offers various graphic designing options to its users has released an official statement in the last weekend stating that a cyber attack on its database has led to the leak of its user’s passwords on May 24th, 2019.

The Australian tech startup has however assured that the leaked passwords were in salted form- means they were highly encrypted and were outside the reach to hackers or any third parties. But as a precautionary measure, the Sydney based company is urging its users to change their passwords on an immediate note.

Scribes working for Cybersecurity Insiders have learned that the hackers have also managed to access usernames and passwords during the hack.

“We have taken note of the incident and have taken all necessary steps to determine the nature and impact of the cyber incident. The law enforcement has been informed about the hack and a third party analysis on the cyber attack is awaited!” says the company statement.

Canva adds that it is 100% committed to protecting the data and privacy of all its users and will take necessary steps to safeguard their info in the future. The graphics as a service offering company added in its statement that there is no evidence that user designs were stolen in the incident.

In the meantime, Canva officially notified The Australian Cyber Security Center (ACSC) about the incident on Saturday last week.

Note 1- Those using the service with their Google or Facebook credentials remained unaffected by the data breach. So, they are not required to change their password.

Note 2- Founded in 2012 by Melanie Perkins, the company has now reached a valuation of $1 billion to earn a moniker of a tech Unicorn. Recently, that is in June 2018 the company partnered with cloud company ‘Dropbox’ to integrate all its user designs and images into the cloud-based infrastructure.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display