Skip to content
Cyber Breaches
Search
Data breachResolved

Canva data breach (2019)

In May 2019, the graphic design tool website Canva suffered a data breach that impacted 137 million subscribers. The exposed data included email addresses, usernames, names, cities of residence and passwords stored as bcrypt hashes for users not using social logins.

Victim
Canva
records
137.3M
SectorRetail

Imported from Have I Been Pwned — pending editorial review and translation to French. The summary below is machine-extracted; consult the source for details.

In 2019-05-24, Canva was affected by a data breach. Approximately 137,272,116 accounts were exposed. In May 2019, the graphic design tool website Canva suffered a data breach that impacted 137 million subscribers. The exposed data included email addresses, usernames, names, cities of residence and passwords stored as bcrypt hashes for users not using social logins.

Sources

  1. haveibeenpwned.comhttps://haveibeenpwned.com/PwnedWebsites#Canva
  2. canva.comhttps://canva.com

Related incidents

Data breachResolved

Benchmark data breach (2019)

In November 2019, the Serbian technology news website Benchmark suffered a breach of its forum that exposed 93k customer records. The breach exposed IP and email addresses, usernames and passwords stored as salted MD5 hashes.

Victim
Benchmark
Records
93.3K
Data breachResolved

Indian Railways data breach (2019)

In November 2019, the website for Indian Rail left more than 2M records exposed on an unprotected Firebase database instance. The exposed data included 583k unique email addresses alongside usernames and passwords stored in plain text.

Victim
Indian Railways
Records
583.4K
Data breachResolved

StarTribune data breach (2019)

In October 2019, the Minnesota-based news service StarTribune suffered a data breach which was subsequently sold on the dark web. The breach exposed over 2 million unique email addresses alongside names, usernames, physical addresses, dates of birth, genders and passwords stored as bcrypt hashes.

Victim
StarTribune
Records
2.2M
Data breachResolved

The Halloween Spot data breach (2019)

In September 2019, the Halloween costume store The Halloween Spot suffered a data breach. Originally misattributed to fancy dress store Smiffys, the breach contained 13GB of data with over 10k unique email addresses alongside names, physical and IP addresses, phone numbers and order histories.

Victim
The Halloween Spot
Records
10.7K