Exclusive: Envato investigates cyber attack claims, no evidence of breach so far

Australian digital asset and creative resource platform Envato has said that it is investigating claims of a cyber attack but has so far found no evidence of a breach.

Founded in 2006, Melbourne-based Envato is a platform that provides creatives with photos, videos, fonts, templates, 3D, AI and other media assets on a subscription basis.

The company operates all around the globe, including in Australia, New Zealand, Mexico, Vietnam, and the US.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

Yesterday (24 June), Cyber Daily observed threat actor claims of an Envato API attack through which 11 million Envato emails were allegedly stolen.

The threat actor, going by the name “WISDOM” posted the claims on a Russian dark web forum, listing the allegedly stolen data for sale at $2,500 per copy. WISDOM added that the data would be sold to only two buyers and that they would provide a sample to “serious buyers”.

🚨🇦🇺Alleged Data Breach of Envato pic.twitter.com/GhEJDxldOE
— Dark Web Informer - Cyber Threat Intelligence (@DarkWebInformer) June 23, 2025

VIEW ALL

Responding to Cyber Daily’s request for comment, Envato said that while it is investigating the claims, no evidence of a cyber attack has been discovered.

“We’re aware of a recent claim suggesting unauthorised access to Envato data and are investigating the matter urgently,” an Envato spokesperson told Cyber Daily.

“At this time, we’ve found no evidence of a data breach affecting Envato. The investigation remains active, and we’ll take action necessary to protect our users’ data, which is our highest priority.”

It is currently unclear whether or not any of the alleged data has been sold.

While the claims said the allegedly stolen data is just emails, the breach could still prove massively damaging to customers.

Threat actors could use the emails in phishing attacks, posing as Envato staff in an attempt to secure more information or convince them to provide financial data or send money.

It is also likely that the threat actor in question has lied about the contents of the data and is using email addresses sourced from old breaches or fake data.

While Envato has not issued a public statement regarding the incident, it is likely the situation may change if they discover evidence of a breach.

This is an ongoing story. Cyber Daily will continue to provide updates as the situation develops.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

Exclusive: Envato investigates cyber attack claims, no evidence of breach so far

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED