- Total Records137,526,119
- Unique Emails137,971,027
- Unique Email Providers3,777,432
- Unique Usernames136,762,432
- Unique First Names99,237,111
What Happened in the 2019 Canva.com Data Breach?
On May 24, 2019, Canva.com—one of the world's leading graphic design platforms—suffered a major data breach that exposed the sensitive information of approximately 137 million registered users. The platform, well-known for its easy-to-use design tools for both professionals and the general public, found that attackers accessed a broad array of personal user details. Exposed information included email addresses, phone numbers, user names, full names, cities, and countries of residence. Attackers also obtained links to profile images and URLs associated with user accounts. Notably, the intruders accessed account passwords, but these were protected by bcrypt hashing, which is considered a strong method for storing passwords securely. The incident quickly drew widespread attention due to Canva’s popularity and the sheer number of people affected, creating significant concerns over user privacy and data security.
Timeline of the Canva Data Breach
The data breach occurred on May 24, 2019. Canva became aware of suspicious activity on the same day and began investigating the incident immediately. Company representatives soon notified affected users and took steps to contain further unauthorized access. Public reporting about the breach began circulating rapidly as news outlets picked up on the significant total of compromised accounts.
Scope of the Breach: What Data Was Exposed?
The breach compromised information on over 137 million Canva users. The affected data fields included:
- Email addresses
- Phone numbers
- Username
- Full names (including first and last names)
- City and country of residence
- Profile URLs
Additionally, passwords for these accounts were accessed, but they had been secured using the bcrypt hashing algorithm, reducing but not eliminating the risk of account takeover. Payment information and credit card numbers were not part of the compromised data set.
Who Was Behind the Canva Breach?
Attribution details suggest the incident was carried out by a well-known attacker linked to other large-scale database breaches around the same time. While the hacker’s online alias was widely reported in some security circles, Canva worked with law enforcement to investigate and manage the response. The breach reflected the increasing pattern of attackers targeting high-profile internet platforms for large troves of user information.
Frequently Asked Questions About the Canva.com Breach
How many users were affected by the Canva.com data breach?
The 2019 Canva breach impacted 137,526,120 users whose personal information was exposed.
What data was leaked in the Canva.com breach?
Information exposed included email addresses, phone numbers, full names, usernames, city and country details, profile URLs, and password hashes protected with bcrypt.
When did the Canva.com breach occur?
The breach took place on May 24, 2019. Canva discovered and responded to the unauthorized access on the same day.
Who was responsible for the Canva data breach?
The attack was attributed to a well-known threat actor operating under various online aliases, according to security industry reports available at the time.
How can I check if I'm in the Canva.com breach?
You can check if your information was part of the Canva.com breach by utilizing the DeHashed search engine.