A significant data breach exposed personal information from 571 Canva Creators program participants through an unsecured AI chatbot database operated by My Jedai, a Russian company. The exposed data included email addresses, countries of residence, and comprehensive responses to 51 questions about their experiences with Canva’s creator platform. The leak creates dual risks: for creators, it provides a ready-made phishing toolkit; for Canva, it reveals competitive intelligence about program strengths and weaknesses, along with creator contact information.
Source: https://cybersecuritynews.com/canva-creators-data-exposed/
TPRM report: https://scoringcyber.rankiteo.com/company/j3dai
"id": "j3d607061025",
"linkid": "j3dai",
"type": "Breach",
"date": "6/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 571,
'industry': 'Technology',
'location': 'Russia',
'name': 'My Jedai',
'size': 'Microenterprise',
'type': 'AI Chatbot Development Company'}],
'attack_vector': 'Unsecured Database',
'data_breach': {'number_of_records_exposed': 571,
'personally_identifiable_information': ['Email addresses',
'Countries of '
'residence'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Email addresses',
'Countries of residence',
'Survey responses']},
'date_detected': 'May 1, 2025',
'date_resolved': 'May 2, 2025',
'description': 'A significant data breach involving personal information from '
'hundreds of Canva Creators program participants, exposed '
'through an unsecured AI chatbot database operated by a '
'Russian company.',
'impact': {'data_compromised': ['Email addresses',
'Countries of residence',
'Survey responses'],
'systems_affected': ['Chroma database']},
'initial_access_broker': {'entry_point': 'Unsecured Chroma database'},
'investigation_status': 'Resolved',
'lessons_learned': 'The incident highlights the need for proper security '
'configuration in emerging AI technologies and the '
'potential risks in the AI supply chain.',
'motivation': 'Unknown',
'post_incident_analysis': {'corrective_actions': 'Secured the database within '
'24 hours',
'root_causes': 'Improper security configuration of '
'the Chroma database'},
'recommendations': 'Implement robust security measures, including '
'authentication mechanisms and restricted internet access, '
'for AI technologies to prevent unauthorized exposure.',
'references': [{'source': 'UpGuard'}],
'response': {'remediation_measures': ['Secured the database']},
'threat_actor': 'Unknown',
'title': 'Data Breach Involving Canva Creators Program Participants',
'type': 'Data Breach',
'vulnerability_exploited': 'Improper security configuration'}