ShellCodeX Breach Report
Canva Data Breach
canva.com
Verified breach
Passwords exposed
Accounts exposed
137,272,116
Breach date
24 May 2019
Added to tracker
09 Aug 2019
Data classes
5
What happened
In May 2019, the graphic design tool website Canva suffered a data breach that impacted 137 million subscribers. The exposed data included email addresses, usernames, names, cities of residence and passwords stored as bcrypt hashes for users not using social logins.
Exposed data
Email addresses
Geographic locations
Names
Passwords
Usernames
Recommended actions
- Change your Canva password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Canva — attackers weaponise breach data quickly.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP