The graphic design website Canva was hacked last Friday, reportedly compromising the data of approximately 139 million users.
According to an online support page, the Sydney-based company detected the attack while in progress on 24 May, and immediately took action to fix the cause of the breach.
Exposed data included usernames, email addresses, and encrypted passwords, which were salted and hashed with the bcrypt algorithm. Actual customer names and city and country information were also accessed, according to ZDNet, which was contacted by the hacker.
"I download everything up to 17 May," the hacker reportedly said. "They detected my breach and closed their database server." The report identifies the culprit as Gnosticplayers, a hacker that so far this year has attempted to hawk the stolen data of nearly one billion online accounts, via a dark web marketplace.
Customer designs and payment card information were not impacted, Canva’s team announced. "Our teams have been working around the clock to investigate the attack and communicate with our customers," the company statement reads.
"We are continuing to investigate and are being thorough and methodical with our examinations in order to understand all aspects of the incident and provide the best advice to our customers."
Canva also said it is engaging with both forensic experts and the US law enforcement authorities, including the FBI.
This article was originally published on SC Media US.