Canvas hacked: ShinyHunters attack exposes alarming new ransomware trend
The hacking group ShinyHunters claimed to have breached educational platform Canvas, exposing 280 million student and staff records from 8,809 institutions, including Harvard and Stanford, while demanding a ransom to prevent data leaks by May 12. The attack disrupted access to course materials and grades during finals week, highlighting a shift toward human-centric cyber extortion targeting education systems.
The hacking collective ShinyHunters has claimed responsibility for a major cyberattack on Canvas, an educational platform used by over 8,809 schools, colleges, and universities in the U.S. The breach, confirmed by Canvas’s parent company Instructure, resulted in unauthorized access to 280 million records, including student names, email addresses, student IDs, and internal messages. The attack began on Thursday afternoon, causing a widespread outage that left students unable to access grades, assignments, and course materials during finals week. Instructure acknowledged the incident on its website, stating that affected sites were placed in maintenance mode while the company investigates. The company assured users that it anticipates restoring services soon and will provide updates as they become available. However, ShinyHunters released a statement accusing Instructure of ignoring security warnings before the breach, claiming the company only applied ‘security patches’ after being contacted. The hackers demanded ransom payments to prevent the release of the stolen data, threatening to sell it online if no settlement is reached by May 12. Unlike traditional ransomware attacks that focus on data encryption, this incident highlights a new trend: targeting educational platforms to disrupt academic continuity and exploit sensitive behavioral and research data. The breach underscores how cybercriminals are increasingly weaponizing education systems to cause nationwide disruptions. Students at affected institutions, including Harvard and Stanford, reported frustration over the outage, with some, like Kean University junior Dihanel Antonio, losing critical time to submit final assignments. The attack also exposed vulnerabilities in data protection beyond financial information, as hackers could access years of proprietary research and unpublished academic work. Previously considered a low-value target, the educational sector is now a prime focus for cyber extortion, signaling a dangerous evolution in digital threats.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.