ShadowMap

Dark Web Exposure for canva.com

Credentials, devices and data found in dark web stealer logs & breaches
100
Exposure level: Critical
canva.com scores 100/100 based on leaked credentials, compromised devices, and stolen financial & session data found on the dark web.
Most recent exposure 21 days ago Last 90 days -11% 0% reuse a top-10 password
Employee exposure
corporate accounts — @canva.com
3,653
leaked credentials · 308 compromised devices
Top exposed employee accounts
canva.com462
canva.com/design/play94
canva.com/ar/signup/66
car***@canva.com53
//canva.com/login elizavitoria***@gmail.com46
Where staff accounts were caught
https2,021
http400
www.canva.com148
yml7g-h73
87bwm4r66
Customer exposure
stolen logins for canva.com
3,163,054
leaked credentials · 12,364 compromised devices
Top exposed customer accounts
emporiodascesta***@gmail.com30
quesiaadrienel***@gmail.com27
lavaquitaardu***@gmail.com23
canvapro20***@gmail.com22
brandseotool***@gmail.com22
Most targeted services
www.canva.com2,105,577
.canva.com795
about.canva.com262
create.canva.com188
66w.canva.com67
3,166,311
Exposed Credentials
12,367
Compromised Devices
3
Credit Cards
409
Crypto Wallets
21,388
Auth Tokens
37,920,045
Stolen Cookies

Exposure over time (credentials leaked per month)

2024-012026-05

Corporate SaaS & shadow-IT exposed (employee logins to third-party services)

LinkedIn15
Google Workspace10
Slack6

Most common passwords 0% reuse a top-10 password

12***561,083
12***781,082
12***89509
de***34483
To***om474
ad***in472
mo***23402
@C***rt398
ca***23385
To***23372

Stolen sessions (active cookies that can bypass MFA)

youtube.com1,209,741
google.com683,673
pubmatic.com449,707
adnxs.com414,808
bing.com386,009
criteo.com344,463

Compromised despite antivirus (AV installed on infected devices)

Windows Defender399
Avast Antivirus21
360 Total Security13
McAfee13
Kaspersky10
ESET Security7

Financial, crypto & app tokens

Crypto wallets
metamask224
phantom80
okx24
trust20
bitget14
exodus12
App / session tokens
Google19,386
Discord1,642
Telegram360

Where devices were compromised (by country)

Mexico [MX]115
Colombia [CO]73
Peru [PE]40
Argentina [AR]32
PH28
Top cities
Lima26
Quito12
Caracas11
Bogotá9
Mexico City9

Browsers & apps affected

Google Chrome (Default)1,660
Microsoft Edge (Default)1,591
Edge [Default]1,208
Chrome [Default]992
Google Chrome (Profile 1)706
Chrome [Profile 1]389

Stealer malware families seen

RedLine

Related companies

calb-tech.com camalvika.in camarchand.com caparoautotech.com capriloans.in caratlane.org cardpe.com cardpool.com

Explore

All scorecards Most exposed companies Companies “C”
Check your own exposure →

Free dark web & attack-surface check by ShadowMap

Figures are aggregate counts derived from dark web stealer logs and public breach data. Data is indicative and updated periodically.