
Online graphic-design tool Canva hacked; 139 million accounts stolen


Canva has contacted the FBI to investigate the data breach.

Canva, an online graphic-design tool website operated from Australia, has suffered a massive data breach in which the personal data of over 139 million registered users was stolen. The breach took place on Friday, May 24.
The stolen data includes usernames, real names, email addresses, city and country information, etc. Canva has acknowledged the breach and notified users in an email claiming that their payment card and other financial data is safe.
The company further maintains that the stolen passwords are in an encrypted format and “unreadable by external parties.”
“We’re aware that a number of our community’s usernames and email addresses have been accessed. The hackers also obtained passwords in their encrypted form (for technical people – all passwords were salted and hashed with bcrypt). This means that our user passwords remain unreadable by external parties,” Canva said in an email sent to its users.
According to ZDNet, out of the 139 million users, 61 million had their passwords hashed with the bcrypt algorithm, which is a pretty secure format when it comes to resisting cracking. Moreover, the data included Google tokens used by customers to log into Canva without registering an account.
In total, 78 million users had their Gmail-based email addresses exposed in the breach, ZDNet, which examined the sample data, has confirmed.
Canva lets users sign in with their Facebook and Gmail accounts. However, while addressing the incident, the company assured users that their Facebook and Google credentials are also encrypted and unreadable by external parties, and that there is no need to change their Facebook or Gmail passwords.
The incident has been reported to law enforcement authorities in Australia as well as to the Federal Bureau of Investigation (FBI). 
The hacker involved in the Canva breach goes by the handle GnosticPlayers and happens to be the same individual behind large-scale data breaches in February this year involving sensitive data stolen from several companies, including Gfycat. The data (126 million and 92 million accounts) was then sold on the Dream dark web marketplace.
If you have an account on Canva, change its password right now. Also, change the password of the email address which you have been using to sign into the website. Read more about the breach on Canva’s security incident FAQ page.

Comments

  1. Wow, what an excellent post. I found it really informative. This is what I was looking for. I would like to suggest that you keep sharing this kind of information. online graphic design agency
