๐Ÿ”’breach.co.nz ยท the NZ & Australia breach register ๐Ÿ›ก๏ธ A Govern service
Register โ€บ ๐Ÿ‡ฆ๐Ÿ‡บ AU โ€บ Technology

Canva

๐Ÿ‡ฆ๐Ÿ‡บ Sydney, NSW ยท Canva Pty Ltd ยท Record AU-2019-0141
โ—‹ Reported โ€” awaiting official confirmation
Reported โ€” awaiting official confirmation. The facts below are drawn from the organisation's own disclosure and credible reporting. Figures are as reported; unknowns are labelled, not estimated by us.
People affected
137,000,000 (approx)
Breach date
2019-05
Regulator
none
Trust tier
B ยท Reported

Data exposed

Usernames, names, email addresses and hashed passwords Media-reported

Confidence: Confirmed = regulator/court ยท Company-confirmed = the organisation's own disclosure ยท Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In May 2019 the Australian design platform Canva was breached, exposing data for around 137 million users worldwide, including usernames, names, email addresses and hashed passwords [canva-media]. Canva disclosed the breach and prompted password resets.

Timeline

  • 2019-05 โ€” Breach disclosed; ~137M accounts affected [canva-media].

Current status

Resolved; passwords reset and users notified. Figures are as reported. [canva-media]

Why it matters

One of the largest breaches to originate from an Australian company, with impact spread across a global user base.