The May 24, 2019, Canva data breach is one of the largest in history, affecting approximately . The incident was carried out by a hacker known as GnosticPlayers , who targeted the platform's profile database. While the breach occurred in 2019, its impact has continued for years, with millions of passwords later decrypted and shared online as recently as late 2024. Overview of the Breach Discovery Date: May 24, 2019.
The initial database intrusion occurred. Canva interrupted the attack mid-way and locked down their systems. Canva.com database leaked 24th May 2019.7z
The hacker GnosticPlayers , infamous for high-profile breaches, claimed responsibility. Affected Accounts: Roughly 137 to 139 million subscribers . Stolen Data Types: Full names, usernames, and email addresses. Geographic data (cities and countries). The May 24, 2019, Canva data breach is
Cryptographically protected using the bcrypt algorithm. Overview of the Breach Discovery Date: May 24, 2019
Canva discovered that a list of 4 million decrypted passwords from the original breach had been shared online.
Canva collaborated with the and cybersecurity firm Mandiant to investigate and remediate the incident. Their response included: Canva Security Incident – May 24 FAQs - Canva Help Centre