The Instructure-owned learning management platform, Canvas, is down after recently confirming a massive data breach that impacted student names, email addresses, ID numbers, and messages. Students attempting to access the system on Thursday saw a message from the hacking group ShinyHunters, which claimed responsibility for the attack:
ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some โsecurity patches.โ If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked.
The message included a link to a list of schools ShinyHunter claims to have breached through Canvas.
โInstructure has placed Canvas, Canvas Beta and Canvas Test in maintenance mode,โ according to Infrastructureโs status page. โWe anticipate being up soon, and will provide updates as soon as possible.โ
Instructure said last week that it โdeployed patches to enhance system securityโ following the breach. ShinyHunters โ which has claimed responsibility for attacks on Ticketmaster, AT&T, Rockstar Games, ADT, and Vercel โ said its data leak site contains 9,000 schools, including data belonging to 275 million students, teachers, and other staff, according to Bleeping Computer.
Update, May 7th: Added Infrastructureโs maintenance mode message.
About The Author
