A hacker (or group of them) with the online name GnosticPlayers contacted ZDNet and told them about the hack. He acquired 139 million Canva users’ account data before Canva found out and shut down their database server.
GnosticPlayers also posted this information on the dark web. That is, the part of the web that’s not indexed by search engines, allows users to remain anonymous. Since February, GnosticPlayers hacked 44 company websites around the world. What’s more, he put the data of 932 million users up for sale on the dark web. It’s very likely we’re all part of that group.
I logged into Canva some time ago and checked it out because tech marketing guru Guy Kawasaki promoted it. I wasn’t impressed, but a lot of people are. Indeed, Canva is now a tech “unicorn,” i.e., a privately held company valued at more than $1 billion.
Canva allows users to log in with their Facebook or Google account. According to the ZDNet story, 78 million of those hacked accounts used Gmail accounts to log in. For my review, I didn’t sign up for a Canva account or use my Gmail account to log in; I used my Facebook account. When I read the report of the Canva data breach, changed my Facebook and Google passwords this past weekend.
This breach slid under the radar here in the U.S. because of the Memorial Day holiday weekend. If you’re hearing about the Canva data breach for the first time, change your Facebook and Gmail passwords now.
What’s more, change all your social media and Google passwords regularly. We don’t know when we’ll hear about the next data breach, but it’s clear one will come.