Hacker GnosticPlayers, claims to have stolen data of 139 million Canva users, including customer usernames, real names, emails, and city and country information where available.
The popular Sydney-based startup, Canva, specializes in graphic design services and is ranked #170 within the Alexa website traffic rank. The company just announced raising $70 Million in Series-D funding at a $2.5 billion valuation.
On a positive note, Canva stored salted and hashed passwords for 61 million users using the secure bcrypt algorithm, while 78 million used Google tokens to authenticate into the app --- all also retrieved by GnosticPlayers. Canva has encouraged password resets as a precaution to their users.
This attack is all a part of GnosticPlayers' goal to steal one billion user credentials, now achieved at 1,071 billion credentials from 45 companies.
Canva, a Sydney-based startup that's behind the eponymous graphic design service, was hacked earlier today, ZDNet has learned. Data for roughly 139 million users has been taken during the breach, according to the hacker, who tipped off ZDNet. Responsible for the breach is a hacker going online as GnosticPlayers. The hacker is infamous. Since February this year, he/she/they has put up for sale on the dark web the data of 932 million users, which he stole from 44 companies from all over the world. Hack took place this morningToday, the hacker contacted ZDNet about his latest hack, involving Australian tech unicorn Canva, which he said he breached just hours before, earlier this morning. "I download everything up to May 17," the hacker said. "They detected my breach and closed their database server."