Canvas Hacked Update: Who Are the Hackers and How Long Will the LMS Be Down?

A cyberattack on Canvas, the widely used learning management system owned by Instructure, has locked out students at major US universities during finals week. The disruption began on Thursday when ShinyHunters, a hacking group, took control of parts of the platform, replacing user dashboards with a ransom note demanding payment to prevent further data exposure. Affected institutions include Harvard University, Princeton University, Columbia University, Georgetown University, and Rutgers University, where students reported being unable to access coursework, grades, or exam materials. ShinyHunters claimed responsibility for the breach in a message posted across affected university pages, referencing an earlier incident involving Instructure earlier this month. The group accused Instructure of ignoring previous warnings and threatened further data leaks if demands were not met. Instructure has not confirmed negotiations or the specific ransom demands but stated it is actively working to restore services and assess the breach’s scope. Canvas was placed in maintenance mode while cybersecurity teams investigated, leaving over 30 million active users worldwide without access. Earlier this month, Instructure acknowledged a separate breach where user data, including names, email addresses, and student IDs, was accessed, though it claimed the incident was contained. It remains unclear whether the latest attack is linked or has resulted in additional data exposure. Students at universities like the University of Pennsylvania faced heightened stress as exam deadlines approached without access to study materials. Instructure’s status page confirmed the outage but did not provide a timeline for full restoration. The attack has intensified scrutiny on Canvas’s security measures amid widespread reliance on the platform for academic operations.