Get the most important digital marketing news each day. Sign up for our NEW daily brief.

Note: By submitting this form, you agree to Third Door Media's terms. We respect your privacy.

Canva urges users to change passwords following data breach affecting up to 139 million users

The cyber attack comes on the heels of the company's recent acquisition of Pexels and Pixabay, underscoring Canva's efforts to engage more marketers and designers.

Taylor Peterson on May 28, 2019 at 11:02 am

Graphic design toolset Canva is advising users to change their login credentials after the company’s database was reportedly compromised in a cyber attack Friday.

The attack targeted usernames and email addresses, affecting up to 139 million users globally. Passwords were also obtained, but Canva assured users that passwords have been “salted and hashed with bcrypt,” meaning they remain unreadable by third parties. The platform recommends that users change their passwords as a precaution.

“Our teams have been working around the clock to investigate the attack and communicate with our customers,” Canva said on Monday. “We are continuing to investigate and are being thorough and methodical with our examinations… We have also engaged forensic experts to investigate the incident.”

Why we should care

Canva is known to provide a wide range of free (or low-cost) creative tools and stock designs, making it an attractive platform for small marketing teams and novice designers. The platform has been working to deliver more resources and graphic toolkits with the recent acquisition of stock photo services Pexels and Pixabay – as well as a recently-launched subscription service for premium images, Photos Unlimited.

While the new tools may prove to be a valuable creative resource for marketing teams, those who use (or have used) Canva should be wary of the security breach and change passwords before diving back in.

More on what happened

Canva said there is currently no indication that user designs were stolen by the hackers, and that credit card details remain safe and “confidential.”
Those using Facebook or Google to login to Canva were reportedly not affected by the breach.

About The Author

Taylor Peterson

Taylor Peterson is Third Door Media’s Deputy Editor, managing industry-leading coverage that informs and inspires marketers. Based in New York, Taylor brings marketing expertise grounded in creative production and agency advertising for global brands. Taylor's editorial focus blends digital marketing and creative strategy with topics like campaign management, emerging formats, and display advertising.