Canva—Canva data breach exposed 139 million user records

May 25, 2019

In May 2019, Canva suffered a major data breach affecting approximately 139 million users worldwide. Unauthorized access exposed usernames, email addresses, and bcrypt-hashed passwords. Cybersecurity experts criticized the company for burying the breach notification beneath marketing announcements about recent acquisitions.

Scoring Impact

Topic	Direction	Relevance	Contribution
Corporate Transparency	-against	secondary	-0.50
User Privacy	-against	primary	-1.00
Overall incident score =			-0.429

Score = avg(topic contributions) × significance (critical ×2) × confidence (0.57)× agency (negligent ×0.5)

Evidence (1 signal)

Confirms Policy Change May 25, 2019 documented

Canva confirmed 139 million users affected in May 2019 data breach

Canva disclosed that a data breach on May 25, 2019 affected approximately 139 million users worldwide, exposing usernames, email addresses, and bcrypt-hashed passwords. Cybersecurity publication CISO Magazine reported the company was criticized for burying the breach notification beneath marketing announcements.

CISO Magazine

Related: Same Topics

Mira Murati · Gave evasive and contradictory answers about Sora AI video model's training data sources

Mar 13, 2024

Koa Health · Koa Health published third-party ethics audit showing 24% improvement and perfect bias reduction scores

Jun 1, 2023

Wysa · Wysa found sharing user data with Facebook in 2021 Consumer Reports investigation

Mar 1, 2021

Proton AG · Proton restructured ownership under Swiss nonprofit Proton Foundation to protect privacy mission

Apr 1, 2024

GitLab · GitLab published comprehensive open source stewardship policy with public handbook and development

Jan 1, 2022