Canva

A Chroma database operated by Russian AI chatbot startup My Jedai was found exposed online, leaking survey responses from over 500 Canva Creators. The exposed data included email addresses, feedback on Canva’s Creator Program, and personal insights into the experiences of designers across more than a dozen countries. The data exposure was discovered by cybersecurity firm UpGuard, which confirmed the database was publicly accessible and lacked authentication.

Source: https://hackread.com/limited-canva-creator-data-expose-ai-chatbot-database/

TPRM report: https://www.rankiteo.com/company/canva

"id": "can900060925",
"linkid": "canva",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 571,
                        'industry': 'Design Platform',
                        'location': 'Australia',
                        'name': 'Canva',
                        'type': 'Company'},
                       {'industry': 'AI Chatbot Services',
                        'location': 'Russia',
                        'name': 'My Jedai',
                        'size': 'Microenterprise',
                        'type': 'Company'}],
 'attack_vector': 'Unsecured Database',
 'data_breach': {'number_of_records_exposed': 571,
                 'sensitivity_of_data': 'Moderate',
                 'type_of_data_compromised': ['Email addresses',
                                              'Survey responses']},
 'description': 'A Chroma database operated by Russian AI chatbot startup My '
                'Jedai was found exposed online, leaking survey responses from '
                'over 500 Canva Creators.',
 'impact': {'data_compromised': ['Email addresses', 'Survey responses'],
            'systems_affected': ['Chroma Database']},
 'lessons_learned': 'The incident highlights the need for proper configuration '
                    'and security measures when using AI technologies to '
                    'prevent data exposure.',
 'post_incident_analysis': {'root_causes': 'Lack of authentication and proper '
                                           'configuration of the Chroma '
                                           'database'},
 'references': [{'source': 'UpGuard'}],
 'response': {'communication_strategy': ['Notified affected Creators',
                                         'Notified regulators'],
              'containment_measures': ['Secured the exposed database']},
 'title': 'Chroma Database Exposure at My Jedai',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Lack of Authentication'}