{
	"id": "faf36651-739c-4402-8fe1-add331010d03",
	"created_at": "2026-04-06T00:11:09.444219Z",
	"updated_at": "2026-04-10T03:25:21.61435Z",
	"deleted_at": null,
	"sha1_hash": "3e7df2b36537b96def1320055ce804840062de67",
	"title": "Australian tech unicorn Canva suffers security breach",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 307954,
	"plain_text": "Australian tech unicorn Canva suffers security breach\r\nBy Catalin Cimpanu\r\nPublished: 2019-05-24 · Archived: 2026-04-05 20:42:57 UTC\r\nCanva, a Sydney-based startup that's behind the eponymous graphic design service, was hacked earlier today,\r\nZDNet has learned.\r\nData for roughly 139 million users has been taken during the breach, according to the hacker, who tipped off\r\nZDNet.\r\nResponsible for the breach is a hacker going online as GnosticPlayers. The hacker is infamous. Since February\r\nthis year, he/she/they has put up for sale on the dark web the data of 932 million users, which he stole from 44\r\ncompanies from all over the world.\r\nHack took place this morning\r\nToday, the hacker contacted ZDNet about his latest hack, involving Australian tech unicorn Canva, which he said\r\nhe breached just hours before, earlier this morning.\r\n\"I download everything up to May 17,\" the hacker said. \"They detected my breach and closed their database\r\nserver.\"\r\nCanva sample data\r\nStolen data included details such as customer usernames, real names, email addresses, and city \u0026 country\r\ninformation, where available.\r\nFor 61 million users, password hashes were also present in the database. The passwords where hashed with the\r\nbcrypt algorithm, currently considered one of the most secure password-hashing algorithms around.\r\nhttps://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/\r\nPage 1 of 3\n\nFor other users, the stolen information included Google tokens, which users had used to sign up for the site\r\nwithout setting a password.\r\nOf the total 139 million users, 78 million users had a Gmail address associated with their Canva account.\r\nZDNet requested a sample of the hacked data, so we could verify the hacker's claims. We received a sample with\r\nthe data of 18,816 accounts, including the account details for some of the site's staff and admins.\r\nWe used this information to contact Canva users, who verified the validity of the data we received. We also\r\ncontacted the site's administrators, informing them of the breach and requesting an official statement.\r\n\"Canva was today made aware of a security breach which enabled access to a number of usernames and email\r\naddresses,\" a Canva spokesperson told ZDNet via email.\r\n\"We securely store all of our passwords using the highest standards (individually salted and hashed with bcrypt)\r\nand have no evidence that any of our users' credentials have been compromised. As a safeguard, we are\r\nencouraging our community to change their passwords as a precaution,\" the company said.\r\n\"We will continue to communicate with our community as we learn more about the situation.\"\r\nOne of the internet's biggest sites\r\nCanva is one of Australia's biggest tech companies. Founded in 2012, the Canva website has become a favorite\r\namong regular users and large companies who often use it to build quick websites, design logos, or put together\r\neye-catching marketing materials.\r\nSince its launch, the site has shot up the Alexa website traffic rank, and has recently entered the Top 200, currently\r\nranked at #170.\r\nThree days ago, the company announced it raised $70 million in a Series-D funding round, and is now valued at a\r\nwhopping $2.5 billion. Canva also recently acquired two of the world's biggest free stock content sites -- Pexels\r\nand Pixabay. Details of Pexels and Pixabay users were not included in the data stolen by the hacker.\r\nWith today's hack, GnosticPlayers has now stolen over one billion user credentials, a goal the hacker told ZDNet\r\nin previous interviews he was aiming for. If anyone's still keeping count, that's 1,071 billion credentials from 45\r\ncompanies.\r\nPrevious coverage of GnosticPlayers' hacks:\r\n- Round 1 + Round 2 [620 million + 127 million user records]\r\n- Round 3 [93 million user records]\r\n- Round 4 [26.5 million user records]\r\n- Round 5 [65.5 million user records]\r\nMore data breach coverage:\r\nChinese cyberspies breached TeamViewer in 2016\r\nhttps://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/\r\nPage 2 of 3\n\nGoogle says it stored some G Suite passwords in unhashed form for 14 years\r\nStack Overflow says hackers breached production systems\r\nRussian government sites leak passport and personal data for 2.25 million users\r\nStack Overflow hacker went undetected for a week\r\nUnsecured server exposes data for 85% of all Panama citizens\r\nFacebook passwords by the hundreds of millions sat exposed in plain text CNET\r\nFacebook data privacy scandal: A cheat sheet TechRepublic\r\nSource: https://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/\r\nhttps://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/"
	],
	"report_names": [
		"australian-tech-unicorn-canva-suffers-security-breach"
	],
	"threat_actors": [
		{
			"id": "1609af91-e258-4058-9caa-59e7d171aecb",
			"created_at": "2022-10-25T16:07:24.491691Z",
			"updated_at": "2026-04-10T02:00:05.008935Z",
			"deleted_at": null,
			"main_name": "Gnosticplayers",
			"aliases": [],
			"source_name": "ETDA:Gnosticplayers",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "56d15cc7-f9c1-451f-bdde-8c283e3cf15b",
			"created_at": "2023-01-06T13:46:39.015288Z",
			"updated_at": "2026-04-10T02:00:03.181411Z",
			"deleted_at": null,
			"main_name": "Gnosticplayers",
			"aliases": [],
			"source_name": "MISPGALAXY:Gnosticplayers",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434269,
	"ts_updated_at": 1775791521,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3e7df2b36537b96def1320055ce804840062de67.pdf",
		"text": "https://archive.orkl.eu/3e7df2b36537b96def1320055ce804840062de67.txt",
		"img": "https://archive.orkl.eu/3e7df2b36537b96def1320055ce804840062de67.jpg"
	}
}