
Are You a Canva User? You Need to Read This…

Canva is a great tool for creating beautiful headers/banners/posters for social media or personal use, regardless of your graphic design skills. It has an easy-to-use interface and all the essential features found in advanced design software to create stunning graphics.

It’s an online “freemium” service that provides most of its features for free, with the option to use paid add-ons. Just register on their site, log in and …

Well, they got hacked. 139 million users had their data stolen.

Stolen data included details such as customer usernames, real names, email addresses, and city & country information, where available.

For 61 million users, password hashes were also present in the database. The passwords were hashed with the bcrypt algorithm, currently considered one of the most secure password-hashing algorithms around.

For other users, the stolen information included Google tokens, which users had used to sign up for the site without setting a password. Google tokens expire and are renewed upon each login.

Of the total 139 million users, 78 million users had a Gmail address associated with their Canva account.

So basically, it’s time to log in to your Canva account and change your password. I received an email from Canva informing me of the hack and they supplied a link for me to easily change my password.

I didn’t click any of those links. Why not? How do I know they are legitimate? I can hover my mouse over the link and see the actual URL, which is completely different. The real link is some sort of code-filled tracking mechanism. It doesn’t even start with https://. Call me paranoid, but if you just got hacked, maybe include a link in your apology email that doesn’t look like a hacker trying to “get me” again.

Looks legit… It actually is, but how would the average user know?

So I don’t rely on (or trust) links embedded into emails, or even websites when it comes to resetting passwords due to a hack. Start a new browser session and actually type in the address or use your verified safe bookmark.

But you can use the link I provided above… it’s safe, I promise 😉… you didn’t, right? You opened Chrome, Edge, Firefox, Opera or your preferred browser and typed in and then reset your password. Nicely done and it didn’t take that much longer, but was safer for sure.

It is also best practice to change the password of any other services or accounts where you used the same username/password combination.

Need some advice on usernames and passwords? I’ve written about that here.
