Australian graphic design company, Canva, has announced that it was hit by a data breach. The company is currently asking its users to change their passwords.
On the company’s website, Canva wrote: “On May 24, we became aware of a security incident. As soon as we notified, immediately took steps to identify and remedy the cause, and have reported the situation to authorities (including the FBI).”
The company reported that the cybersecurity incident resulted in a number of usernames and email addresses being accessed. The hackers behind the attack were also able to obtain passwords of the users in their encrypted form. The passwords though were salted and hashed with bcrypt they remained unreadable by external parties. But the users who had accessed their Canva accounts through Facebook and Google remained unaffected by the breach.
According to some media reports, about 137,500 unique records and 1,680 supporting documents were accessed. These included property valuations and personal contact information of some borrowers, lenders, homeowners, residents and property agents.
Canva was founded in 2012 and has over 10 million users today. It earned its ‘unicorn’ status in January 2018 when it was valued at $1 billion.