Skip to content Skip to footer

Understanding the Recent Canva Data Breach and How to Protect Your Accounts

Understanding the Recent Canva Data Breach and How to Protect Your Accounts

In today’s digital age, data breaches have become an unfortunate reality, affecting millions of internet denizens around the world.

One such incident involves Canva.com, a popular graphic design platform, which experienced a significant data breach in 2019. Although this breach occurred several years ago, the compromised data has only recently surfaced on the Dark Web, prompting renewed concerns about account security!

The Canva data breach occurred on May 25, 2019 and was initially reported in the same year. The significant incident affected approximately 139M users worldwide, accessing their user information without authorization. While no plain text passwords were exposed, the breach included other sensitive data that could potentially be exploited by malicious actors. The recent appearance of this data on the Dark Web has heightened the need for users to reassess their account security.

The breach was carried out by a hacker known as GnosticPlayers, who has been linked to several other high-profile data breaches throughout the years. Compromised data included usernames, real names, email addresses, and city and country information. For about 61M users, password hashes were also compromised. These passwords were hashed using the bcrypt algorithm, which is usually considered to be highly secure!

Fortunately, no credit card or other financial information was taken; although for users who signed up using Google, their stolen information did include Google tokens.

Canva responded promptly by securing their systems and notifying affected users. They also worked with law enforcement to investigate the incident. Users were advised to change their passwords as a precaution, especially if they reused passwords across different platforms.

This breach on Canva only highlights the importance of using robust security defenses and best practices. To enhance your overall online security, consider the 5 following best practices:

  1. Update Reused Passwords: Even though plain text passwords were not compromised in this particular case, it is crucial to update any passwords that may have been reused across different platforms after any data breach. This precaution helps prevent unauthorized access to other accounts that might share the same credentials.
  2. Monitor Business Accounts: For those using Canva for business purposes, rest assured that KPInterface is actively monitoring accounts for any signs of compromise. If any business accounts under our protection are affected, we will reach out with specific instructions.
  3. Review Personal Accounts: For personal Canva accounts or other platforms where similar credentials might have been used, it is advisable to review your security settings and update passwords as necessary.
  4. Use a Password Manager: A password manager can help you create and securely store unique passwords for each of your accounts. This tool is especially useful for managing business email addresses and ensuring that each account has a strong, unique password.
  5. Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA on your accounts. This adds an extra layer of security by requiring a second form of verification in addition to your password.

These are just a few of the best practices that help protect ALL of your accounts from any illegal access or leak. Keep up-to-date with the latest security alerts and recommendations from trusted sources. Being proactive about your online security can significantly reduce the risk of a data breach!

The resurfacing of the Canva data breach data on the Dark Web serves as a reminder of the importance of maintaining robust security practices. By updating passwords, using a password manager, and enabling two-factor authentication, you can protect your accounts from potential threats. Your commitment to a secure online presence is greatly appreciated…because it doesn’t just protect you, but also helps create a safer digital experience for us all.

Stay safe and secure online!