ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Canva Data Breach

canva.com
Massive exposure
Verified breach Passwords exposed
Accounts exposed 137,272,116
Breach date 24 May 2019
Added to tracker 09 Aug 2019
Data classes 5

What happened

In May 2019, the graphic design tool website Canva suffered a data breach that impacted 137 million subscribers. The exposed data included email addresses, usernames, names, cities of residence and passwords stored as bcrypt hashes for users not using social logins.

Exposed data

Email addresses Geographic locations Names Passwords Usernames

Recommended actions

  • Change your Canva password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Canva — attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP