Education tool Canvas hacked, multiple US college newspapers report

The learning management system Canvas, widely used by schools, colleges, and universities for grades and course materials, experienced a major hack on Thursday, blocking students from accessing the platform. The hacking group ShinyHunters claimed responsibility, stating that thousands of schools—including Harvard, Duke, UCLA, and the University of Pennsylvania—were allegedly affected. The group posted a list of breached institutions and demanded universities contact them by May 12 to prevent data release. Instructure, Canvas’ parent company, acknowledged the issue on its status page, stating that Canvas and related sites were placed in maintenance mode while investigating login difficulties for Student ePortfolios. The company assured updates would follow but did not immediately respond to Reuters’ request for further comment. Harvard’s student newspaper, The Crimson, reported that access was disrupted beginning Thursday afternoon, with users redirected to a ShinyHunters message. The University of Pennsylvania’s student newspaper, The Daily Pennsylvanian, confirmed ShinyHunters had previously targeted Penn’s Canvas page. Duke University’s student newspaper, The Chronicle, also confirmed the hack affected its campus. Beyond the U.S., the University of the East in the Philippines issued a statement clarifying that Canvas remained operational but advised vigilance against phishing attempts linked to the breach. The university noted coordination with Instructure for updates. ShinyHunters has a history of high-profile breaches, including the April theft of nearly 80 million business records from video game developer Rockstar Games. The group’s demands and past actions suggest this incident may involve data exposure risks for affected institutions.