Graphic design toolset Canva is advising users to change their login credentials after the company’s database was reportedly compromised in a cyber attack Friday.
The attack targeted usernames and email addresses, affecting up to 139 million users globally. Passwords were also obtained, but Canva assured users that passwords have been “salted and hashed with bcrypt,” meaning they remain unreadable by third parties. The platform recommends that users change their passwords as a precaution.
“Our teams have been working around the clock to investigate the attack and communicate with our customers,” Canva said on Monday. “We are continuing to investigate and are being thorough and methodical with our examinations… We have also engaged forensic experts to investigate the incident.”
Why we should care
Canva is known to provide a wide range of free (or low-cost) creative tools and stock designs, making it an attractive platform for small marketing teams and novice designers. The platform has been working to deliver more resources and graphic toolkits with the recent acquisition of stock photo services Pexels and Pixabay – as well as a recently-launched subscription service for premium images, Photos Unlimited.
While the new tools may prove to be a valuable creative resource for marketing teams, those who use (or have used) Canva should be wary of the security breach and change passwords before diving back in.
More on what happened
- Canva said there is currently no indication that user designs were stolen by the hackers, and that credit card details remain safe and “confidential.”
- Those using Facebook or Google to login to Canva were reportedly not affected by the breach.