Australian online design tool, Canva, is the latest to join the bandwagon of victims of cyber attacks after hackers penetrated into the systems and stole data of nearly 140 million users.
The company stated in a release that usernames and email addresses of customers were accessed as part of the hack which occurred on May 24. On the bright side, the passwords remain encrypted, thereby being unreadable to external parties. A majority of users use Google and Facebook accounts to log in to passwords. According to the firm, even these credentials remain unreadable as they were encrypted like the former. But, as a precautionary measure, the startup has asked customers to change their passwords at the earliest.
Also, no credit card details or designs were accessed by hackers in the attack. “As soon as we became aware, Canva immediately took steps to determine the nature and scope of the problem, and alerted law enforcement,” read a statement from Canva. “We are working with a forensics team that specializes in these types of attacks and the FBI to diagnose exactly what happened and are putting processes in place to help prevent another attack. We are committed to protecting the data and privacy of all of our users and will be implementing every possible safeguard to ensure this doesn’t happen again.”
Canva had recently acquired stock photo companies Pexels and Pixabay, and also had recently raised $100 million in funding. Currently, the firm is valued at $3.6 billion. Launched in 2012, the company currently has millions of users strewn across in nearly 180 countries. According to Canva, users create 10 design every second using their online design tools.
Amid this, Canva has also been criticized by cybersecurity experts for the way it handled the attack and notified the customers. The statement from the company about the hack began with the news of the company’s latest acquisitions and then went on to notify the customers about the attack as a side note. Several experts have called it a marketing fluff.