Canvas Online Learning Platform Disabled After Breach by Hackers
Canvas, an online learning platform used by over 8,000 universities and schools, was disabled after a hacking group called ShinyHunters claimed to have accessed data from 275 million users across 9,000 schools. The breach, confirmed by Instructure—the parent company—exposed personal information like names, emails, and student IDs, though no financial data was compromised, with ShinyHunters threatening to leak data unless a settlement is reached by May 12.
Instructure, the company behind the Canvas online learning platform, experienced a cybersecurity breach on May 1, disrupting services for thousands of schools and universities across North America. The platform, used by over 8,000 institutions for course management, assignments, and communication, was shut down for several hours on May 3, affecting students during final exams. ShinyHunters, the hacking group claiming responsibility, stated it had accessed data from 275 million users across 9,000 schools, including prominent universities like the University of Michigan, Harvard, Duke, and the University of Maryland. The breach exposed personal identifying information such as names, email addresses, student IDs, and Canvas messages, though Instructure confirmed no passwords, birthdays, government identifiers, or financial data were compromised. Steve Proud, Instructure’s chief information security officer, announced on May 2 that the incident was contained and that the platform was fully operational by May 3. However, ShinyHunters accused Instructure of ignoring their earlier warnings and applying ‘security patches’ without resolving the issue. The hacking group demanded a settlement, threatening to leak private messages and additional data on May 12 if no response was received. Early reports indicated ShinyHunters initially altered Canvas pages to display their ransom note, later changing it to a maintenance alert. Instructure’s status page confirmed the outage was resolved, but schools were advised to consult cybersecurity experts to mitigate potential risks. The disruption impacted students preparing for or taking final exams, with universities like Barnard College and Harvard issuing alerts about the outage. ShinyHunters, believed to have formed around 2020, has a history of targeting organizations with cyberattacks, though details about the group remain limited. Instructure did not provide further comment on the breach beyond confirming the containment of the incident and restoration of services.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.