Canva CEO and founder Mel Perkins
Australian design platform Canva’s customer database was attacked on Friday, with hackers stealing usernames and email addresses, as well as encrypted passwords.
Canva wrote to its customers on the weekend recommending they change their passwords as a precaution, while reassuring them that all user passwords were salted and hashed with bcrypt to make them unreadable by external parties.
The Sydney-based tech startup, which recently raised US$70 million, valuing the business at US$2.5 billion (AU$3.6bn) has been used by more than 15 million people in 190 countries.
Canva’s head of communications, Liz McKenzie, said the company discovered the attack on its systems while it was underway on May 24.
“As soon as we were notified we immediately took steps to identify and remedy the cause and have reported the situation to authorities,” she said.
“As a precaution, we recommend changing your Canva password. If you use the same email and password on other sites you should change the passwords on those sites too.
“Our team is working around the clock to deal with this situation, and we really appreciate your support and understanding.
“We are very sorry for any concern or inconvenience this may cause.”
The business is working with the US Federal Bureau of Investigations (FBI) and a forensics team to diagnose what happened and put additional processes in place to help prevent another attack.
“We are committed to protecting the data and privacy of all of our users and will be implementing every possible safeguard to ensure this doesn’t happen again,” the company said
It said logins via Facebook or Google are also encrypted and unreadable by external parties, so passwords on Facebook or Google don’t have to be changed.
They did not find evidence that the hackers accessed user designs and the company does not retain credit card information, and transactions are encrypted, so credit card details were not compromised, they said.
Earlier this month Canva announced it had acquired stock photography sites Pexels and Pixabay for undisclosed sums, as well as launching Photos Unlimited, which CEO and founder Melanie Perkins described as a “Netflix-style” subscription site for “more affordable” paid stock photography.