Customers love us

  • uuid 74e1a1a5 6f40 4028 a6a6 852a295ec504 | Canva Data Breach
    Thousands of clients trust us
  • uuid 0e2bb2d2 15e1 4782 aac7 89df887ba2c3 | Canva Data Breach
    No upfront fee
  • uuid 53eb1ec5 b283 4f79 98a2 fb5815c90cd3 | Canva Data Breach
    ≈ 85% success rate
  • uuid 84ea24a3 acf6 4503 9ece 393ddb536ba0 | Canva Data Breach
    We are international

Intro

In 2019, Canva, a popular online graphic design platform, faced a massive data breach that impacted a staggering 139 million users worldwide. The perpetrator, known as GnosticPlayers, pilfered sensitive information, including passwords, email addresses, and real names. The aftermath unfolded with a dramatic exchange as GnosticPlayers reached out to ZDNet, divulging the breach details. Fast forward to 2020, Canva made a startling revelation, acknowledging the decryption of four million user passwords. The timeline unveils a narrative of cyber turmoil, prompting a closer look at the vulnerabilities within our digital landscapes.

The Canva Data Breach Explained

What Happened?

An estimated 139 million users were affected by the 2019 Canva data breach. The hacker, GnosticPlayers, stole the passwords, OAuth tokens, email addresses, real names, and addresses of millions of Canva users around the world. GnosticPlayers contacted ZDNet, a technology news site, who claimed they were able to download data before the servers closed. 

Seven months later, Canva released a statement about the Canva data leak on its website stating that the company was aware of the breach and that approximately four million Canva users’ passwords had been decrypted and shared online. 

Timeline

  • 2020 (January): Canva became aware that approximately four million users’ passwords were decrypted on January 11, 2020.
  • 2019 (May): ZDNet received a message from GnosticPlayers about the breach on May 24, 2019.

Will there be compensation?

It’s common for large-scale data breaches to result in compensation for affected individuals. The exact Canva settlement amount may vary based on factors like the user’s location and the extent of the data breach.

zero | Canva Data Breach

No Win, No Fee. Our fees are deducted from the compensation we win for you, so you’ve got nothing to lose. Try it now ➡️

Am I Affected?

If you were affected, you should receive a data breach notification letter within 72 hours of its discovery. But, there have already been cases when these notices don’t get sent out at all, either as part of a cover-up to protect the company’s image or to avoid identifying users who might be entitled to compensation. So in case of a data leak, it’s a smart move to fill out the form and join the claim regardless. 

What To Do?

Whether you believe you were affected or are just exploring your options, you can quickly and easily check your eligibility and compensation amount with our quick data breach checker. In under two minutes, you’ll know how much money you can get and will be able to claim compensation. Give it a try!

Legal Proceedings and Canva Settlement

The Australian-based design software company immediately took action to mitigate the breach. According to the hacker, and based on the message it sent to ZDNet, Canva was able to detect the breach and managed to shut down the database server.  

Despite the data compromise of the 4 million affected users, no legal action was initiated by the affected parties and no settlement has been reached yet. However, it is worth noting that the fact no lawsuit or any other financial litigation has been started does not mean that Canva is exempted from other legal consequences of this massive data breach. Legal actions and settlements may still unfold in the future. 

How to Claim Canva Compensation

If you want to get compensation for the data breach, you need to join a group lawsuit, also known as a class action. When you do this, you’ll work with a financial litigation partner who handles everything for you. That is us! Your task is just to apply and then wait to get money

Remunzo handles all the hard work. We set up the lawsuit and take the corporation to court for you. Corporations don’t want to pay money easily, but Remunzo will fight hard to get your settlement payout. When joining thousands of others in a lawsuit like this, the corporation is more likely to pay and the settlement payment amount per person i.e. how much will you get tends to be higher.

Remunzo will keep you updated about the settlement status. But you need to be patient because it can take months till the settlement payments are done and you get paid

Quickly check your eligibility and compensation amount with our simple data leak checker. In under 2 minutes, you’ll know how much money you can get and will be able to claim compensation. Give it a try!

attention | Canva Data Breach

Claim your data breach compensation! Fill out our simple form in two minutes and discover your potential payout.

Canva‘s Impact on Users

After the May 2019 Canva breach of privacy, the Australian tech giant quickly sent out emails and other forms of communications to its users to secure their accounts. In order for the users to comply, Canva required everyone to change their passwords before they could continue using the graphic design software.

Canva’s Response and Changes in Data Security

Seven months after the Canva privacy leak and after the company told users to change their passwords, Canva forcibly reset the passwords of those who had not done so after May 24, 2019. The company also partnered with password manager 1Password to offer Canva users a free year of service. 

The company, however, assured everyone that no credit card and debit card details had been compromised in the hacking incident. Though the company admitted that the hacker had viewed partial credit card and payment data, the tech giant stated it had found no evidence that these financial data had been stolen as well. This claim is substantiated by the company.

In the company’s statement, published on its website, Canva affirms that it continues to invest heavily in security. The company listed the following steps, which it started implementing in the aftermath of the event: 

Notifying our users: We want our users to know that they’ve been affected. We’ve directly contacted users via email, but some users have out-of-date or incorrect email details so we have also used in-app notifications and the press to alert users to the breach. We are following up on our initial notification with individual emails to each user outlining what data was accessed.

Prompting users to change passwords: We’ve asked all users who had passwords set before the attack to change them, and are adding rules to help users set stronger ones.

Resetting OAuth tokens: We’ve worked with our partners to make sure all active login tokens that existed prior to the breach are reset. These users will be prompted to reconnect their Canva account.

Coordinating with partners: We are working with partner agencies to share information about the attack, identify the risk to users, and coordinate responses. For example, we’re alerting the email abuse teams of major providers to make it harder for attackers to phish our users.

Partnering with 1Password: While we recommend that our users use different passwords for each site they use, we know that’s hard. We have partnered with 1Password to offer a year free to Canva users who don’t already use their service.”

Future Implications and Impact on the Industry

Even though the IT company immediately shut down the database server after the Canva hack was detected, the decryption of over 4 million users’ passwords still put their users’ information in jeopardy. OAuth tokens, which were also part of the compromised tokens, may pose a problem as this authentication protocol allows a third party to interact with another app without requiring a password. 

This only highlights the importance of the 2-factor authentication enabled for all software and applications online. Famous and big tech companies are still open to cyberattacks. Encrypted passwords are vulnerable to being decrypted, as demonstrated by GnosticPlayers, who managed to decrypt 4 million passwords. It’s time that Canva offers a 2FA as users’ protection against account theft and, perhaps, better firewalls as a preventive measure against future breaches or unauthorized access attempts.

Other Famous Incidences of Privacy Breaches

Canva is not the only one who got its data stolen. Hundreds of other companies have faced or will face data breaches. Therefore, we strongly suggest using our Compensation Calculator. This tool will help you find out how many compensation claims you are eligible for and how much money you might get — and we can help you easily get it.

Conclusion

In conclusion, the 2019 Canva data breach affected millions worldwide, exposing sensitive user information. Canva took immediate steps to address the breach and enhanced security measures. Despite no legal actions or settlements yet, potential consequences for the company remain. Canva prioritizes user communication and password security, partnering with 1Password for additional protection. While financial data remained uncompromised, ongoing efforts reflect Canva’s commitment to safeguarding its users’ information and preventing future breaches.

question | Canva Data Breach

Are you missing out on other data breach payouts? Try our compensation calculator and find out now!

Frequently Asked Questions

How to minimize or prevent Data breach impact?

Using virtual payment cards with spending limits and unique email addresses for different services can greatly reduce the risks of data breaches. Disposable virtual cards protect your financial details, while custom email addresses (like “yourname+service@gmail.com”) help identify compromised services. These strategies add security layers, minimizing the impact of breaches on your personal and financial data.

What to do after a data breach?

In case of a data breach, promptly change your passwords on the affected accounts, making them strong and unique. Activate two-factor authentication for added security. Monitor your financial statements and credit reports for any unusual activity. Alert your bank or credit card provider about potential fraud. Be cautious of phishing scams following the breach and consider a credit freeze. Finally, report the incident to the appropriate authorities.

What is a Data breach notice?

A data breach notice is an official alert sent by an organization to individuals whose personal data, including potentially compromised passwords, may have been exposed in a security breach. Such a notice can often follow warnings from services like Apple or Google indicating that “this password appeared in a data leak.” It details the nature of the breach, affected data types, potential risks, and the organization’s remedial actions. The notice advises on protective measures, such as changing passwords and monitoring credit reports to mitigate harm.

Can I sue, and how to join a class action lawsuit?

Yes, you can sue for a data breach. With Remunzo, joining an active class action lawsuit is easy. Check your eligibility on our platform, and if your case is active, you can join the lawsuit. Remunzo handles all legal proceedings and negotiations for a settlement. These processes can take some time, but we keep you updated throughout. Use our Quick Data Leak Checker to see if you qualify to join and claim compensation.

When will I get paid the data breach settlement?

The time it takes to receive a data breach settlement payment varies, often taking several months after a settlement is reached. Factors like case complexity, number of claimants, and legal procedures affect the timeline. Remunzo will keep you informed about the settlement progress, but patience is key as these processes can be lengthy.

Sources

  1. Christou L. Gnosticplayers: Why the hacker behind the Canva data breach boasted to the media. Verdict [Internet]. 2019 Jun 3; Available from: https://www.verdict.co.uk/canva-data-breach-gnosticplayers/ 
  2. Dutta S. Decrypting Canva’s security breach that affected 139 million user accounts. Medium [Internet]. 2021 Dec 14; Available from: https://codeburst.io/inside-canvas-security-breach-that-affected-139-million-user-accounts-78467e315681 
  3. Tucker J. Did Canva suffer a data breach? [Internet]. Canva Templates. 2023.  Available from: https://canvatemplates.com/did-canva-suffer-a-data-breach-what-happened/ 
  4. All about Canva Data breach – IDStrong [Internet]. IDStrong. 2021. Available from: https://www.idstrong.com/sentinel/canva-data-breach/ 
  5. Canva Security Incident – May 24 FAQs [Internet]. Canva. [cited 2024 Jan 16]. Available from: https://www.canva.com/help/incident-may24/ 

Share

newsletter | Canva Data Breach

Stay up to date

    Submiting implies consent to our privacy policy
    | Canva Data Breach

    Author

    Our team counts over 80+ skilled lawyers from 8 countries and has many partner law firms working on your claims. You can trust us to take good care of your claims. We’re working to make a world where taking big companies to court is simple and just a few clicks away for everyone, no matter their budget, skills, or background. Our goal is to build a future where it’s easy for everyone to stand up for their rights and get justice.