Canvas hack strands university students during finals week
A hacking group called ShinyHunters disrupted Canvas, a cloud-based learning platform used by over 30 million users globally, by displaying ransom notes on university sites including Georgetown, Columbia, Harvard, and Princeton during finals week. The attack follows a prior May 1 breach where Instructure, Canvas’s parent company, confirmed exposure of user names, email addresses, and student IDs, with ShinyHunters demanding payment by May 12, 2026, to prevent further data leaks.
A hacking group named ShinyHunters took control of Canvas, a widely used cloud-based learning platform, on Thursday, replacing university homepages with ransom notes across institutions nationwide. Affected schools include Georgetown University, Columbia University, Rutgers, Princeton, Kent State, Harvard, and school districts in California, Florida, Georgia, Oklahoma, Oregon, Nevada, North Carolina, Tennessee, Utah, Virginia, and Wisconsin. Canvas, owned by Instructure, serves over 30 million active users globally and over 8,000 institutions, making it a critical tool for students during finals week. The disruption began when students attempting to access grades, study materials, and quizzes encountered a message from ShinyHunters demanding ransom to prevent data leaks. The group claimed responsibility for both the latest attack and a prior breach on May 1, where Instructure confirmed a cybersecurity incident exposing user names, email addresses, and student IDs. Thursday’s ransom note gave Instructure until May 12, 2026, to contact the hackers or face further consequences. Instructure stated Canvas was in ‘maintenance mode’ while investigating the issue. Students at universities like the University of Pennsylvania, Georgetown, and the University of California, Riverside reported panic and frustration, with some missing quizzes or unable to access study materials. Anish Garimidi, a junior at the University of Pennsylvania, described the incident as ‘troubling’ but noted professors provided alternative resources. Minhal Nazeer, a Georgetown sophomore, welcomed extended deadlines due to the hack, though she acknowledged others were more stressed. Melanie Topchyan, a senior at UC Riverside, missed a quiz and expressed concern about preparing for a midterm without access to Canvas materials. The attack highlights the vulnerability of digital education platforms, which many institutions rely on for daily operations. ShinyHunters’ repeated targeting of Instructure suggests a pattern of exploiting weaknesses in widely used systems. While some students faced academic disruptions, others saw unintended benefits, such as extended deadlines. Instructure has yet to provide a public update beyond confirming maintenance and an ongoing investigation.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.