Hackers hit University of Missouri system and 9,000 other Canvas schools

The University of Missouri system’s Canvas educational platform was hacked on April 25, with users greeted by a message claiming responsibility from the group ShinyHunters. The hackers demanded a ransom payment by May 12, threatening to release user data if the deadline was missed. The breach extended beyond Mizzou, affecting at least 9,000 other schools using Canvas, including Duke, Rutgers, and the University of Pennsylvania. Canvas is estimated to be used by over 40% of U.S. universities. ShinyHunters has previously targeted major corporations like Microsoft, AT&T, and Louis Vuitton, as well as other educational software providers such as Power School. The group has been active since 2019, with a history of data thefts. Initially, the hackers’ message on Canvas warned of data distribution if the ransom was not paid, but by 3:40 p.m. Central Time, the message had changed to claim the platform was undergoing scheduled maintenance. The breach remains a developing story, with no confirmation of whether the ransom was paid or if data was leaked. Earlier reports mistakenly linked ShinyHunters to an LGBTQ group, though this claim has since been removed from their Wikipedia page. The incident highlights vulnerabilities in widely used educational software systems.