Web Design » Canva » How Did the Canva Attack Occur?

How Did the Canva Attack Occur?

Last updated on September 27, 2022 @ 10:20 pm

Earlier this week, popular design platform Canva suffered a data breach that exposed the email addresses and passwords of nearly 150 million users. Canva has since reset the passwords of all affected accounts and is in the process of investigating the incident.

So far, it seems that the Canva attack was carried out by a hacker who goes by the name of Gnosticplayers. Gnosticplayers is the same hacker who was behind recent attacks on Chegg and Dun & Bradstreet.

According to Motherboard, Gnosticplayers claims to have obtained the Canva data from an unnamed “underground community forum.” It’s unclear how Gnosticplayers was able to access this forum, but it’s possible that he or she used stolen credentials from another site to gain access.

Once inside the forum, Gnosticplayers allegedly found a database backup from Canva that contained information on nearly 150 million users. This backup included information such as names, email addresses, and hashed passwords.

Gnosticplayers then reportedly attempted to sell the Canva data on the forum for roughly $50,000 in Bitcoin. However, it’s unclear if anyone ended up purchasing the data.

Canva has confirmed that a data breach occurred and that email addresses and passwords were exposed. However, Canva says that no payment information or other sensitive data was compromised in the attack.

How Did the Canva Attack Occur?

It seems that the Canva attack was carried out by a hacker who goes by the name of Gnosticplayers.

PRO TIP: The Canva attack occurred when a hacker gained access to the company’s servers and stole employee and customer data. The hacker then posted the data online. This data includes names, email addresses, and passwords. Canva has since reset all affected passwords and is working with law enforcement to investigate the incident.
Madison Geldart

Madison Geldart

Cloud infrastructure engineer and tech mess solver.