Canvas is down as ShinyHunters threatens to leak schools’ data

Hacker News Top News

Summary

Canvas, the Instructure-owned learning platform, went offline after the hacker group ShinyHunters claimed responsibility for a massive data breach affecting millions of students and staff, threatening to leak data unless a settlement is reached.

<a href="https:&#x2F;&#x2F;thetech.com&#x2F;2026&#x2F;05&#x2F;07&#x2F;canvas-breach-26" rel="nofollow">https:&#x2F;&#x2F;thetech.com&#x2F;2026&#x2F;05&#x2F;07&#x2F;canvas-breach-26</a><p><a href="https:&#x2F;&#x2F;techcrunch.com&#x2F;2026&#x2F;05&#x2F;07&#x2F;hackers-deface-school-login-pages-after-claiming-another-instructure-hack&#x2F;" rel="nofollow">https:&#x2F;&#x2F;techcrunch.com&#x2F;2026&#x2F;05&#x2F;07&#x2F;hackers-deface-school-logi...</a>
Original Article
View Cached Full Text

Cached at: 05/08/26, 08:20 AM

# Canvas is down as ShinyHunters threatens to leak schools’ data Source: [https://www.theverge.com/tech/926458/canvas-shinyhunters-breach](https://www.theverge.com/tech/926458/canvas-shinyhunters-breach) [![Emma Roth](https://platform.theverge.com/wp-content/uploads/sites/2/chorus/author_profile_images/195810/EMMA_ROTH.0.jpg?quality=90&strip=all&crop=0%2C0%2C100%2C100&w=96)](https://www.theverge.com/authors/emma-roth) Emma Roth is a news writer who covers the streaming wars, consumer tech, crypto, social media, and much more\. Previously, she was a writer and editor at MUO\. The Instructure\-owned learning management platform, Canvas, is down after recently confirming a massive data breach that[impacted student names](https://status.instructure.com/incidents/9wm4knj2r64z), email addresses, ID numbers, and messages\. Students attempting to access the system on Thursday[saw a message](https://www.reddit.com/r/UTSA/comments/1t6lsdw/canvas_got_hacked/)from the hacking group ShinyHunters, which claimed responsibility for the attack: > ShinyHunters has breached Instructure \(again\)\. Instead of contacting us to resolve it they ignored us and did some “security patches\.” If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement\. You have till the end of the day by 12 May 2026 before everything is leaked\. The message included a link to a list of schools ShinyHunter claims to have breached through Canvas\. “Instructure has placed Canvas, Canvas Beta and Canvas Test in maintenance mode,” according to[Infrastructure’s status page](https://status.instructure.com/)\. “We anticipate being up soon, and will provide updates as soon as possible\.” Instructure said last week that it “deployed patches to enhance system security” following the breach\. ShinyHunters — which has claimed responsibility for attacks on[Ticketmaster](https://www.theverge.com/2024/5/31/24168984/ticketmaster-santander-data-breach-snowflake-cloud-storage),[AT&T](https://www.theverge.com/2024/7/14/24198294/att-paid-370000-ransom-hacked-customer-data-deleted-may),[Rockstar Games](https://www.theverge.com/games/910815/rockstar-games-says-hack-will-have-no-impact),[ADT](https://www.theverge.com/tech/918784/adt-confirms-customer-data-was-stolen-in-a-breach), and[Vercel](https://www.theverge.com/tech/914723/vercel-hacked)— said its data leak site contains 9,000 schools, including data belonging to 275 million students, teachers, and other staff,[according to*Bleeping Computer*](https://www.bleepingcomputer.com/news/security/instructure-confirms-data-breach-shinyhunters-claims-attack/)*\.* ***Update, May 7th**: Added Instructure’s maintenance mode message\.* **Follow topics and authors**from this story to see more like this in your personalized homepage feed and to receive email updates\. - Emma Roth

Similar Articles

Instructure pays ransom to Canvas hackers

Hacker News Top

Instructure paid a ransom to the ShinyHunters cybercrime group after two breaches of its Canvas learning management system, resulting in the return of compromised data from 275 million users.

Canvas Breach Disrupts Schools & Colleges Nationwide

Krebs on Security

A cybercrime group defaced Canvas's login page with a ransom demand after a data breach, disrupting schools and universities nationwide. The stolen data includes names, emails, and student IDs, with threats to leak data unless paid.

Weekly Update 503

Troy Hunt

Troy Hunt's weekly update covers Instructure's 'pay or leak' deadline from ShinyHunters, with the company remaining silent and lawsuits being prepared.

Weekly Update 505

Troy Hunt

Troy Hunt's weekly update reports that the ShinyHunters hacking group has resurfaced with new claims against DentaQuest and Charter Communications after a brief silence following the Instructure ransom payment.