In May 2019, Australian unicorn Canva experienced a substantial data breach, impacting 137 million users. A cybercriminal known as Gnosticplayers managed to breach Canva's security defenses but was detected by Canva's system monitoring for malicious activities. Despite the quick intervention, the hacker had already accessed a wealth of user data, including usernames, real names, email addresses, country of origin, encrypted passwords, and partial payment data. This breach was notable not only for its scale but also because the attacker chose to publicize the breach in a communication with ZDNet, diverging from the usual practice of keeping a low profile on dark web forums. Canva responded by notifying affected users, particularly those with decrypted passwords, advising them to change their passwords. Additionally, Canva reset passwords for users who hadn't updated theirs in the past six months, demonstrating the company's proactive stance on user security post-incident.
Source: https://www.upguard.com/blog/biggest-data-breaches-australia
"id": "can554042824",
"linkid": "canva",
"type": "Breach",
"date": "05/2019",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"