Canvas Learning Platform Recovering After Major Security Incident
Canvas, the widely used learning management platform owned by Instructure, has returned to full operation following a significant outage. The disruption occurred due to a data breach that compromised student information, including names, email addresses, ID numbers, and private messages. Upon attempting to access the system during the outage, students encountered a ransom message attributed to the hacking group ShinyHunters, which claimed responsibility for the attack.
ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some “security patches.” If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked.
The hackers’ message included a link to a list of educational institutions they claim were affected by the breach via Canvas. In response to the incident, Instructure stated, “Yesterday, Instructure discovered the unauthorized actor involved in our ongoing security incident made changes to the pages that appeared when some students and teachers were logged in. Out of an abundance of caution, we immediately took Canvas offline to contain access and further investigate. We regret the inconvenience and concern this may have caused.”
As of now, Instructure’s status page indicates that Canvas is accessible to most users. However, the Canvas Beta and Canvas Test systems remain under maintenance. The company is also addressing an issue where some users are experiencing difficulties logging into Student ePortfolios.
Instructure confirmed that the breach originated from an issue related to their Free-For-Teacher accounts, leading to the decision to temporarily disable these services. The timeline for restoring these accounts has not yet been announced. The company had previously stated that security patches were deployed to strengthen system defenses following the initial breach.
ShinyHunters, a group known for previous attacks on major companies like Ticketmaster, AT&T, and Rockstar Games, reportedly claims to have data from 9,000 schools, potentially affecting 275 million students, teachers, and staff, according to Bleeping Computer.
Business Style Takeaway: This incident highlights the critical importance of robust cybersecurity for educational platforms handling sensitive student data. Educational institutions and their technology providers must prioritize proactive security measures and rapid incident response to maintain trust and prevent significant operational disruptions and data exposure.
According to the portal: www.theverge.com