Canva 2019 data breach: Difference between revisions

Revision as of 20:54, 17 March 2026

❗This article is a stub. You can help by expanding it.

A moderator needs to check the page before this notice can be removed. Visit the noticeboard or the #appeals channel in either Zulip or Discord to request removal.

More info ▼

An article may be flagged as a stub when it is missing major elements needed to make it useful to a reader. You can help by adding missing sections, verifiable sources, relevant company policies and communications, etc. to make the article more complete.

On May 24, 2019, Canva identified their systems were attacked and posted an announcement about the breach, urging users to change their passwords. 139 million users were affected, and information taken includes usernames, real names, email addresses, and location. 61 million users' data included password hashes, and for other users, Google tokens were taken. Seven months later, on the 11th of January 2020, Canva became aware of 4 million user passwords had been decrypted and shared online. Following the discovery, on the 12th of January Canva has forcefully reset the password of every user that had not changed it since the date of the incident.

Background

Information about the product/service history to provide the necessary context surrounding the incident

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

[Incident]

Change this section's title to be descriptive of the incident.

Impartial and complete description of the events, including actions taken by the company, and the timeline of the incident coming to the public's attention.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

[Company]'s response

If applicable, add the proposed solution to the issues by the company.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

Lawsuit

If applicable, add any information regarding litigation around the incident here.

Claims

Main claims of the suit.

Rebuttal

The response of the company or counterclaims.

Outcome

The outcome of the suit, if any.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

Consumer response

Summary and key issues of prevailing sentiment from the consumers and commentators that can be documented via articles, emails to support, reviews and forum posts.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

References

@@ Line 3: / Line 3: @@
 On May 24, 2019, [[Canva]] identified their systems were attacked and posted an announcement about the breach, urging users to change their passwords. 139 million users were affected, and information taken includes usernames, real names, email addresses, and location. 61 million users' data included password hashes, and for other users, [[Google]] tokens were taken. Seven months later, on the 11th of January 2020, Canva became aware of 4 million user passwords had been decrypted and shared online. Following the discovery, on the 12th of January Canva has forcefully reset the password of every user that had not changed it since the date of the incident.
-{{IncidentPreload}}
+==Background==
+{{Ph-I-B}}
+==[Incident]==
+{{Ph-I-I}}
+===[Company]'s response===
+{{Ph-I-ComR}}
+==Lawsuit==
+{{Ph-I-L}}
+==Consumer response==
+{{Ph-I-ConR}}
+==References==
+{{reflist}}
+[[Category:Canva]]
+[[Category:2019 incidents]]