Canva design site asks users to choose new password after data breach
Australian design tool Canva asks its users to set a new password after hackers gain access to personal data. A number of usernames, email addresses and encrypted passwords were stolen during the data breach.
Canva, an online service where users can design all kinds of documents, announced the data breach itself via its website and in an email to users. In the break-in, which was discovered last Friday, the attackers got hold of passwords in addition to ‘a few’ usernames and email addresses. However, Canva emphasizes that these passwords are hashed and salted with bcrypt, which would provide adequate protection against decryption by third parties. Nevertheless, the service advises users to change their passwords in order to ‘be on the safe side’.
According to Canva, there are no indications that the attackers also gained access to the users’ graphic designs. Canva said it immediately notified authorities, including the FBI, and took steps to identify and fix the source of the data breach.
The online design tool has more than 130 million users, according to the Australian news site CRN. Exactly how many people are affected by the hack has not been disclosed.