The initial database intrusion occurred. Canva interrupted the attack mid-way and locked down their systems.
For users who logged in via Google, though Canva found no evidence they were decrypted. Chronology of Data Exposure Canva.com database leaked 24th May 2019.7z
Cryptographically protected using the bcrypt algorithm. The initial database intrusion occurred
Security reports indicated that the stolen data had resurfaced on the Dark Web, prompting renewed warnings for users who had not changed their reused passwords since the incident. Security Response and Mitigation Canva.com database leaked 24th May 2019.7z
Canva collaborated with the and cybersecurity firm Mandiant to investigate and remediate the incident. Their response included: Canva Security Incident – May 24 FAQs - Canva Help Centre