Canva 2019 data breach: Difference between revisions

Line 7:

==[Incident]==

The attack was linked to a group known as GnosticPlayers.<ref>{{Cite web ~~|title=~~ |url=https://www.~~sophos~~.com/en-us/~~blog~~/~~millions~~-of-canva-users-data-~~stolen~~-as-~~gnosticplayers~~-~~strikes~~-~~again~~ |~~url~~-~~status~~=~~dead |website=[[Sophos]]~~}}</ref> The group claimed to exfiltrate data and offered it for sale on breached forums, with motives of financial gain. The breach was caused by credential stuffing and credential cracking.<ref>{{Cite web |last=Minh Hieu Nguyen Ba |last2=Bennet |first2=Jacob |last3=Gallagher |first3=Michael |last4=Bhunia |first4=Suman |title=A Case Study of Credential Stuffing Attack: Canva Data Breach |url=https://ieeexplore.ieee.org/document/9799087 |url-status=live |website=[[IEEE Xplore]] |publisher=[[IEEE]]}}</ref> Passwords were hashed with bcrypt; however, they were later decrypted.

The attack was linked to a group known as GnosticPlayers.<ref>{{Cite web|url=https://www.packtpub.com/en-us/learning/how-to-tutorials/canva-faced-security-breach-139-million-users-data-hacked-zdnet-reports|title=Canva faced security breach, 139 million users data hacked: ZDNet reports|first=Fatema|last=Patrawala|work=Packt|date=2019-05-28|access-date=2026-04-27}}</ref> The group claimed to exfiltrate data and offered it for sale on breached forums, with motives of financial gain. The breach was caused by credential stuffing and credential cracking.<ref>{{Cite web |last=Minh Hieu Nguyen Ba |last2=Bennet |first2=Jacob |last3=Gallagher |first3=Michael |last4=Bhunia |first4=Suman |title=A Case Study of Credential Stuffing Attack: Canva Data Breach |url=https://ieeexplore.ieee.org/document/9799087 |url-status=live |website=[[IEEE Xplore]] |publisher=[[IEEE]]}}</ref> Passwords were hashed with bcrypt; however, they were later decrypted.

The data exfiltrated from the breach included: email addresses, real names, cities and countries of residence, public profile data, and partially hashed passwords (for users logged in directly with Canva, not externally). Payment data was not accessed.

@@ Line 7: / Line 7: @@
 ==[Incident]==
-The attack was linked to a group known as GnosticPlayers.<ref>{{Cite web |title= |url=https://www.sophos.com/en-us/blog/millions-of-canva-users-data-stolen-as-gnosticplayers-strikes-again |url-status=dead |website=[[Sophos]]}}</ref> The group claimed to exfiltrate data and offered it for sale on breached forums, with motives of financial gain. The breach was caused by credential stuffing and credential cracking.<ref>{{Cite web |last=Minh Hieu Nguyen Ba |last2=Bennet |first2=Jacob |last3=Gallagher |first3=Michael |last4=Bhunia |first4=Suman |title=A Case Study of Credential Stuffing Attack: Canva Data Breach |url=https://ieeexplore.ieee.org/document/9799087 |url-status=live |website=[[IEEE Xplore]] |publisher=[[IEEE]]}}</ref> Passwords were hashed with bcrypt; however, they were later decrypted.
+The attack was linked to a group known as GnosticPlayers.<ref>{{Cite web|url=https://www.packtpub.com/en-us/learning/how-to-tutorials/canva-faced-security-breach-139-million-users-data-hacked-zdnet-reports|title=Canva faced security breach, 139 million users data hacked: ZDNet reports|first=Fatema|last=Patrawala|work=Packt|date=2019-05-28|access-date=2026-04-27}}</ref> The group claimed to exfiltrate data and offered it for sale on breached forums, with motives of financial gain. The breach was caused by credential stuffing and credential cracking.<ref>{{Cite web |last=Minh Hieu Nguyen Ba |last2=Bennet |first2=Jacob |last3=Gallagher |first3=Michael |last4=Bhunia |first4=Suman |title=A Case Study of Credential Stuffing Attack: Canva Data Breach |url=https://ieeexplore.ieee.org/document/9799087 |url-status=live |website=[[IEEE Xplore]] |publisher=[[IEEE]]}}</ref> Passwords were hashed with bcrypt; however, they were later decrypted.
 The data exfiltrated from the breach included: email addresses, real names, cities and countries of residence, public profile data, and partially hashed passwords (for users logged in directly with Canva, not externally). Payment data was not accessed.