Canva Data Breach Information: Millions of User Details Stolen Within a Week

TheBreachReport
Breach Report


In a recent disclosure, Canva has revealed that the personal data of over 139 million users has been compromised and leaked on the dark web. Canva stated that on 24th May 2019, it realized that personal details of its users, such as email IDs and passwords, had been stolen.

The company soon reported the breach to the Federal Bureau of Investigation (FBI) and other concerned Authorities; the formal investigation is yet to be concluded. While it is in progress, all fingers are pointing at Gnostic Players, who reportedly “…tipped off…” ZDNet and have taken responsibility for the act.

A word about Gnostic Players

It may be noted that Gnostic Players is the infamous Hacker responsible for some of the biggest data breaches of user details. Over a short span, the Threat Actor has leaked close to a billion user records, and this includes data stolen from over 40 companies.

The Hacker has reportedly been selling this data on the dark web for 1.24 Bitcoin, which is close to $10,800. While the Canva Data Breach may seem like yet another data theft, there could be more to it.

Unveiling the “Real” Motive

Canva, a subsidiary of Zeetings Pty Ltd., had recently received a huge round of funding of $70 million, after which Canva was valued close to $1.25 billion. It is worth noting that this enormous data breach took place within less than a week of Canva receiving the funding, which does not seem like a coincidence.

What does Canva have to say about the data breach?

Since 24th May 2019, Canva has been taking all the necessary measures to inform and educate its customers about the current situation, and has sent out emails requesting users to take note of the situation and change their passwords as a precautionary measure.

Canva has stated that although its users’ passwords have been compromised, they are encrypted and therefore there’s not much to worry about. However, Canva does not offer any clarity on whether or not the designs of its users were accessed or stolen. It may be noted that the designs and other artwork are the intellectual property of the user.

What has been stolen?

Canva was quick to comment that it does not store any financial data of its users and that all its communication connected to online payments is made through highly secure and encrypted connections.

However, they admitted that the email IDs and passwords of Canva users were stolen by the miscreants, who later leaked them on the dark web. While the investigations are on, the motive of the Threat Actors appears a lot more heinous than what has been discovered until now.

Canva further clarified that all the passwords have been “…salted and hashed with bcrypt…”. This ensures that unless you have a really weak password such as ‘abcdef’, you’ve got nothing to worry about. The salt means every guess has to be hashed separately for each account, and bcrypt is deliberately slow to compute. However, if a Threat Actor is absolutely keen on recovering a password, he may do so. So, like all “foolproof” cyber security measures, even this one only makes it difficult for the Threat Actor to recover the passwords, but definitely not impossible.

According to ZDNet, Team Gnostic Players has provided proof of its involvement in the Canva case to convince ZDNet. This persistent move by the Threat Actors further increases the possibility that our theory about a corporate war could turn out to be true, in due course. Breach Report is following this investigation, and shall chronicle any findings that the FBI and other Authorities reveal to us.
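The bcrypt trade-off described above, as an added example (not Canva's code and not part of the original article): it parses the bcrypt string format to read the cost factor and per-user salt, then estimates how long exhaustive guessing takes for a weak versus a strong password. The sample hash is constructed and only structurally valid, and the guess rate is an assumed figure.

```python
import re

# Modular-crypt layout of a bcrypt hash: $<version>$<cost>$<22-char salt><31-char digest>
_BCRYPT = re.compile(r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")


def parse_bcrypt(stored):
    """Split a stored bcrypt string into version, cost, salt and digest."""
    m = _BCRYPT.match(stored)
    if m is None:
        raise ValueError("not a bcrypt hash")
    version, cost, salt, digest = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    # The key setup is repeated 2**cost times, so each +1 doubles the work per guess.
    return {"version": version, "cost": cost, "rounds": 2 ** cost,
            "salt": salt, "digest": digest}


def seconds_to_try(candidates, accounts, hashes_per_second):
    """Worst-case time to test every candidate against every account.

    Each account has its own salt, so one hash computation checks one
    candidate for one account only; nothing is shared between accounts.
    """
    return candidates * accounts / hashes_per_second


def scaled_rate(rate_at_cost, measured_cost, actual_cost):
    """Rescale a guess rate measured at one cost factor to another."""
    return rate_at_cost * 2 ** (measured_cost - actual_cost)


# Constructed sample values (not from the breach); RATE is an assumed figure.
SAMPLE = "$2b$12$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
RATE = 100.0  # assumed guesses per second at cost 12

if __name__ == "__main__":
    info = parse_bcrypt(SAMPLE)
    rate = scaled_rate(RATE, 12, info["cost"])
    print("cost", info["cost"], "->", info["rounds"], "rounds per guess")
    print("6 lowercase letters:", seconds_to_try(26 ** 6, 1, rate) / 86400, "days")
    print("12 random alphanumerics:", seconds_to_try(62 ** 12, 1, rate) / 31557600, "years")
```

At the assumed rate, every six-letter lowercase password for one account is covered in about 36 days, while a random 12-character alphanumeric password is far out of reach, which is why the advice to change weak or reused passwords still matters.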

Originally published at https://breachreport.com/news on May 30, 2019
