GnosticPlayers hacked Canva graphic design server and stole data 139 million users

In February-March 2019, a hacker (or a group of hackers), hiding under the pseudonym GnosticPlayers, put up for sale on the Dream Market marketplace data for 863 million users.

The dumps did not appear immediately, but were broken up into four separate “lots” and in total they included information about users and customers of 38 companies. In April, GnosticPlayers returned with the fifth “collection” of users’ data, putting up for sale data of another 65.5 million people, leaked from six different companies.

The ZDNet publication reports that after a short silence, hacker resumed activity, and this time he reported about hacking of Australian graphic design service Canva, which is included in the Top-200 sites in the Alexa rating.

According to GnosticPlayers, he compromised Canva at the end of last week.

“I download everything up to May 17, they detected my breach and closed their database server”, – the hacker said.

Nevertheless, hacker managed to steal the data of 139 million people.

Stolen information included usernames, full names, email addresses, as well as data on the city and country of residence (if specified). In addition, the database had password hashes for 61 million users protected by bcrypt, as well as Google tokens that were used to access the site without a password.

ZDNet journalists received from the hacker a “sample” database: data on 18,816 accounts, including accounts of some employees and site administrators. These data helped the publication to establish the reliability of the dump.

ZDNet representatives contacted Canva employees, notifying them of the incident and asking for a comment.

“We securely store all of our passwords using the highest standards (individually salted and hashed with bcrypt) and have no evidence that any of our users’ credentials have been compromised. As a safeguard, we are encouraging our community to change their passwords as a precaution”, – the Canva said.

Nevertheless, Canva conducts careful investigation of the incident and recommends users change passwords as a precaution..

Meanwhile, after Canva is compromised, GnosticPlayers will have 45 hacked companies and over a billion stolen users’ data.

Source: https://www.zdnet.com