A threat actor known as xorcat has posted an alleged Canva dataset containing 900,000 user records as a free download on an online forum, accompanied by a 20-record sample to demonstrate authenticity. The dump includes bcrypt-hashed passwords ($2y$10$), OAuth provider links (Google/Facebook/Email), account identifiers, and platform usage metadata that could expose high-value enterprise users and linked third-party accounts.
Key points
- xorcat uploaded an alleged Canva dataset of 900,000 user records and provided a 20-record sample to show structure and authenticity.
- The dataset contains account identifiers including user IDs, email addresses, and full names.
- Passwords in the leak are hashed with bcrypt ($2y$10$), which makes cracking more costly, though weak passwords remain at risk.
- OAuth provider information (Google, Facebook, Email) is included, revealing linked third-party accounts for each profile.
- Platform usage and account metadata—team/brand data, design counts, storage usage, creation dates, and last login—could help identify high-value enterprise or professional users.