Canva, a Sydney-based startup that’s behind the eponymous graphic design service, was hacked earlier today, ZDNet has learned.
Data for roughly 139 million users has been taken during the breach, according to the hacker, who tipped off ZDNet.
Responsible for the breach is a hacker going online as GnosticPlayers. The hacker is infamous. Since February this year, the hacker has put up for sale on the dark web the data of 932 million users, which he stole from 44 companies all over the world.
Hack took place this morning
Today, the hacker contacted ZDNet about his latest hack, involving Australian tech unicorn Canva, which he said he breached just hours before, earlier this morning.
“I download everything up to May 17,” the hacker said. “They detected my breach and closed their database server.”
Stolen data included details such as customer usernames, real names, email addresses, and city & country information, where available.
For 61 million users, password hashes were also present in the database. The passwords were hashed with the bcrypt algorithm, currently considered one of the most secure password-hashing algorithms around.
For other users, the stolen information included Google tokens, which users had used to sign up for the site without setting a password.
Of the total 139 million users, 78 million users had a Gmail address associated with their Canva account.
ZDNet requested a sample of the hacked data, so we could verify the hacker’s claims. We received a sample with the data of 18,816 accounts, including the account details for some of the site’s…