Hack Shuts Down Canvas, an Online System Used By Thousands of Schools

A cybercriminal gang called ShinyHunters has disrupted Canvas, an online educational platform used by thousands of schools worldwide, including universities like Penn State, Baylor University, and the University of British Columbia. Students and professors reported outages and encountered an extortion note from the group, which claimed responsibility for breaching Instructure, the company behind Canvas. The note accused Instructure of ignoring negotiations and applying ineffective security patches after a previous cybersecurity incident was disclosed last Friday. The hack occurred as many universities were holding finals, causing significant disruptions for students and faculty. One professor shared on Reddit that students were taking a final exam when the outage struck. Instructure initially stated that Canvas was fully operational and no unauthorized activity was detected, but ShinyHunters later claimed to have reaccessed the system and stolen data from affected schools, including names, email addresses, and student IDs. The gang gave Instructure and the schools until May 12 to negotiate a payment or face the leak of stolen data. A text file attached to the extortion note listed nearly 9,000 affected institutions, including school districts. Meanwhile, reports suggest ShinyHunters may have removed Instructure from their Dark Web site, indicating a possible ransom payment. The group is known for impersonation tactics and has previously targeted companies like Vimeo and ADT, though they have a history of exaggerating claims. ShinyHunters confirmed their involvement in the breach but declined further comment. The incident has drawn comparisons to the infamous ALPHV hacking gang, which disrupted healthcare systems in 2024. Law enforcement is likely to increase scrutiny of the group following this high-profile attack. The disruption has highlighted vulnerabilities in educational IT systems during critical academic periods.