A major outage hit the learning platform when a ransom note claimed to be from the ShinyHunters hacking group. The platform owned by Instructure, Canvas, has gone offline following confirmation of a significant data breach affecting student names, email addresses, ID numbers, and messages. On Thursday, students trying to access the system encountered a note from ShinyHunters, claiming responsibility for the hack:
ShinyHunters has once again infiltrated Instructure. Rather than contacting us for a resolution, they chose to ignore us and implemented “security patches.” If any schools on the affected list wish to prevent their data from being leaked, they should consult a cyber advisory firm and privately contact us on TOX to discuss a settlement. You have until the end of the day on May 12, 2026, before we release everything.
The threat included a link to the claimed list of schools breached through Canvas. The platform’s status page indicates that Canvas, Canvas Beta, and Canvas Test are currently down as they investigate the outage.
Instructure reported last week that “patches were applied to enhance system security” after the breach. ShinyHunters, which has previously claimed responsibility for attacks on Ticketmaster, AT&T, Rockstar Games, ADT, and Vercel, stated that its data leak site includes 9,000 schools with data from 275 million students, teachers, and staff, according to Bleeping Computer.