Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed

Search

GnosticPlayers Return with Breach of Australian Photo Editing Company Canva

The GnosticPlayers have come back with yet another breach, this time it was the Australian online photo editing company, Canva. Some of the breaches which the GnosticPlayers have been somewhat older, however, this is not the case with the Canva breach. According to the GnosticPlayers they gained access to the Canva servers back in February 2019 and continued to pull information off the servers until May 17th when Canva discovered the breach and closed down access to the server. According to Canva, the group accessed the data of 139 million users including names, email addresses, and registered locations, as well as 61 million hashed and salted passwords. Canva has already reached out to affected users encouraging them to change their passwords and enable two-factor authentication.

Analyst Notes

This breach continues to illustrate GnosticPlayers desire to maintain the attention they have been receiving over the past year as well as the funds they are making through the sale of all of these stolen details online, it is unlikely that the group will be going away anytime too soon.