Web Design » Canva » How Did the Hackers Get Into Canva?

How Did the Hackers Get Into Canva?

Last updated on September 27, 2022 @ 6:32 pm

As more and more businesses move online, data breaches have become an increasingly common occurrence. In May 2019, graphic design platform Canva suffered a data breach that exposed the personal information of over 139 million users. So, how did the hackers get into Canva?

To understand how the hackers got into Canva, it’s important to first understand a bit about how Canva works. Canva is a cloud-based graphic design platform that allows users to create professional-looking designs without any prior design experience. Users can choose from a library of over 1 million stock images, illustrations, and fonts, or they can upload their own images and files.

Canva stores all of its user data, including passwords, in an encrypted format. However, the company uses a single encryption key for all of its users’ data. This means that if a hacker were to obtain this key, they would be able to access all of Canva’s user data.

PRO TIP: If you use Canva, be aware that hackers have broken into the system and have access to your account information. They may also have access to your credit card information if you have used Canva to pay for services. Change your password immediately and monitor your account for any unusual activity.

It’s believed that the hackers were able to obtain this encryption key by accessing Canva’s Amazon Web Services (AWS) account. AWS is a cloud computing platform that provides Canva with the infrastructure it needs to operate. Once the hackers had access to Canva’s AWS account, they would have been able to obtain the encryption key and decrypt all of the user data.

Canva has not released any information about how the hackers were able to access its AWS account. However, it’s possible that they were able to gain access through phishing or by using stolen credentials.

Phishing is a type of cyber attack in which hackers send fake emails or texts that appear to be from a legitimate source in order to trick people into giving them sensitive information. stolen credentials are simply login details that have been obtained by someone other than the rightful owner.

How Did the Hackers Get Into Canva?
The hackers got into Canva by accessing the company’s Amazon Web Services (AWS) account. Once they had access to this account, they were able to obtain an encryption key that allowed them to decrypt all of Canva’s user data. It’s possible that the hackers were able to gain access to this account through phishing or by using stolen credentials.

Kathy McFarland

Kathy McFarland

Devops woman in trade, tech explorer and problem navigator.