Warning for all Canva users.
Compromised accounts and decrypted passwords.
On the 11th January 2020, Canva became aware of a list of 4 million Canva accounts containing user passwords [Canva Security Notice].
Although the list was stolen back in May 2019, hackers have spent the last 7 months decrypting the passwords. These passwords were released on the Dark Web in the last few weeks.
We are seeing lots of these compromised accounts appearing in our Dark Web monitoring tools.
The biggest risk to your business is password re-use. Some staff may have used their work password (or a similar variant) to create their Canva account. Hackers potentially have the login details for your work accounts. You can read more about the issue in another recent post.
Advise your staff to change their work passwords if they had subscribed to Canva and may have used a similar password.
We're also happy to send you a free Dark Web compromise report. You can get it below. Contact us if you have any concerns about this breach or other cybersecurity threats.