Canva Data Breach

Published: 11/14/2025

On May 24, 2019, Canva, a popular graphic design platform, fell victim to a massive data breach that exposed sensitive information related to millions of its users. This breach serves as a stark reminder of the growing risk of cyberattacks on SaaS platforms and underscores the need for stringent security measures for both companies and consumers.

Canva Data Breach explained: what happened?

The Canva data breach occurred on May 24, 2019, when hackers compromised the platform’s database, reportedly stealing information tied to approximately 139 million user accounts. The stolen data included usernames, email addresses, and partially hashed passwords. The breach was linked to a hacking group known as GnosticPlayers and appeared to be part of a larger campaign targeting multiple platforms.

When did the Canva Data Breach happen?

The Canva data breach was discovered and reported on May 24, 2019. Canva immediately notified affected users and began taking steps to mitigate the damage caused by the attack.

Who hacked Canva?

The attack was attributed to a notorious group known as GnosticPlayers, which has been involved in several high-profile breaches. The group claimed to have exfiltrated data and later offered portions of it for sale on dark web forums. Their motivations centered on financial gain through data monetization.

How did the Canva Breach happen?

The Canva breach was primarily linked to an exploit in its security systems, enabling unauthorized access to the database. While exact technical details remain unclear, leaked API keys or inadequate protections likely played a role in facilitating unauthorized access.

Canva Data Breach Timeline

May 24, 2019 – Canva detects unauthorized access to its database.
May 25, 2019 – Canva alerts users and prompts them to reset their passwords.
June 2019 – GnosticPlayers confirms responsibility for the attack in public forums.
2019–2020 – Canva strengthens its cybersecurity infrastructure and announces new measures to protect user data.

Technical Details

Attackers managed to gain unauthorized access to Canva’s servers, stealing hashed password data. While the passwords were encrypted using bcrypt, a strong hashing algorithm, the attackers still obtained email addresses and other sensitive details.

Indicators of Compromise (IoCs)

Current IoCs identified include suspicious login attempts, phishing activity targeting Canva users, and dark web listings advertising Canva-related data. Users are advised to check for unauthorized logins and enable additional security protocols.

Forensic and Incident Investigation

Canva worked with third-party investigators to determine the extent of the attack. While most data remained encrypted, the breach highlighted critical vulnerabilities in access controls and monitoring processes that required immediate attention and remediation.

What data was compromised in the Canva Breach?

The leaked data included user email addresses, usernames, and bcrypt-hashed passwords. Although some passwords were encrypted, hackers were still able to obtain sensitive information. Payment data and credit card information were not part of the breach.

How many people were affected by the Canva Data Breach?

Approximately 139 million Canva users were affected by the data breach, covering individuals and businesses relying on the platform.

Was my data exposed in the Canva Breach?

Canva users can confirm if their data was exposed through email notifications sent by the company. Additionally, platforms like Have I Been Pwned allow users to check if their accounts were compromised.

Key impacts of the Canva Breach

The Canva data breach resulted in reputational damage, potential phishing attacks targeting users, and heightened scrutiny of the platform’s security practices. Canva also faced challenges in regaining user trust and expediting necessary security upgrades.

Response to the Canva Data Breach

Canva responded swiftly by notifying affected users, enforcing password resets, and collaborating with cybersecurity firms to assess vulnerabilities. The company also rolled out stricter security measures, including multi-factor authentication and expanded encryption protocols.

Lessons from the Canva Data Breach

The Canva breach underscores the importance of proactive cybersecurity strategies such as implementing strong encryption standards, regularly updating security patches, and educating users about phishing and other threats.

Is Canva safe after the breach?

Canva has since implemented a range of security improvements, including more robust hashing algorithms, penetration testing, and incident monitoring systems. However, vigilant monitoring and regular system reviews remain essential to mitigate future risks.

Mitigation & prevention strategies

Enable MFA – Enforce multi-factor authentication to enhance account security.
Regular Updates – Keep software and systems patched against known vulnerabilities.
Monitor Networks – Invest in SIEM solutions for early threat detection.
User Awareness – Provide ongoing cybersecurity training for users.

Related data breach incidents

FAQs

The breach occurred due to a security exploit that allowed unauthorized access to Canva’s systems. Weak access controls and inadequate monitoring likely contributed to the hackers’ success.

The compromised data included email addresses, usernames, and bcrypt-hashed passwords. Payment information was not accessed.

A hacking group named GnosticPlayers claimed responsibility, with motivations tied to data monetization on the dark web.

Businesses should implement multi-factor authentication, regularly patch vulnerabilities, and invest in network monitoring solutions. Educating users about phishing and other cyber threats is also vital.

Protect What Matters

Secure endpoints, email, and employees with the power of our 24/7 SOC. Try Huntress for free and deploy in minutes to start fighting threats.

Try Huntress for Free