Canva, the Australian Graphic Design site that claims to have 50 million premium photos available via subscription, detected a data breach on May 24th of the records of 139 million customers.
When it came time to inform customers about the breach they started the announcement with the following:
“At Canva, we spend a lot of time and energy working to empower our community to create great designs. The last week has been a big one for us. We’ve announced the acquisitions of free photography sites Pexels and Pixabay to give our community an additional one million free images to use in Canva, introduced a beautiful new browse experience for all of our photos and rolled out Canva Print for T-shirts in the U.S.”
After the marketing pitch, then they got down to explaining the bad news about the data breach.
The company received a lot of criticism for not having led with the information about the breach. Many thought that after reading the first paragraph many recipients of the email would have thought it was “marketing fluff” and not bothered to read further to understand that their data may have been stolen.
There is now a Security Notice on the Canva site that says: “We recommend that you update your password if you use your email to log into Canva.” Evidently, some unauthorized person now has all the customer and maybe image supplier passwords.