Instructor-owned learning management platform, Canvas, has recently shut down after confirming a massive data breach that affected students’ names, email addresses, ID numbers, and messages. Students attempting to access the system on Thursday saw a message from the hacking group ShinyHunters, which claimed responsibility for the attack:
ShinyHunters has violated the directive (again). Instead of contacting us to resolve this they ignored us and made some “security patches”. If any of the schools on the affected list are interested in preventing their data from being released, please consult with a cyber advisory firm and contact us privately at TOX to reach a compromise. You have until May 12, 2026 before everything is leaked.
The message included a link to a list of schools that ShinyHunter claimed to have access to through Canvas.
According to the infrastructure’s status page, “Instructor has placed Canvas, Canvas Beta, and Canvas Test in maintenance mode.” “We expect to be activated soon, and will provide an update as soon as possible.”
Instructor said last week that it “deployed patches to enhance system security” after the breach. ShinyHunters – which has claimed responsibility for attacks on Ticketmaster, AT&T, Rockstar Games, ADT and Versal – said its data breach site involved 9,000 schools, containing data on 275 million students, teachers and other staff. bleeping computer.
Update, May 7: Added infrastructure maintenance mode message.
<a href