Canva is urging their users to change their passwords following a data breach last week that affected 139 million users. 

They are recommending users change passwords and:

  • Avoid passwords containing real names or usernames.
  • Use passwords with minimum length of eight characters.
  • Include a minimum of three character types.
  • Use a password manager to generate and securely store passwords.

The data breach released access to a number of Canva usernames and email addresses, passwords in their encrypted form were also obtained, which means means that all Canva user passwords remain unreadable by external parties.

Their site says, "As soon as we became aware, Canva immediately took steps to determine the nature and scope of the problem, and alerted law enforcement. We are working with a forensics team that specializes in these types of attacks and the FBI to diagnose exactly what happened and are putting processes in place to help prevent another attack. We are committed to protecting the data and privacy of all of our users and will be implementing every possible safeguard to ensure this doesn’t happen again."