ShinyHunters Canvas breach: When will Canvas be back up? Expert gives advice to schools on list

The hacker collective ShinyHunters breached Canvas by Instructure, triggering widespread outages and exposing data from over 1,200 users. The group posted a message demanding schools on their target list—including Harvard, MIT, Oxford, Stanford, Princeton, Columbia, Cambridge, Cornell, Berkeley, and Georgetown—contact them via TOX by May 12, 2026, to negotiate a settlement or risk public data leaks. Downdetector reports over 8,000 users experienced disruptions, with many still affected. Users on social media expressed frustration, asking when services would resume. Instructure acknowledged the breach but provided no specific details about the hack on its status page, only stating it was investigating the issue. The company placed Canvas, Canvas Beta, and Canvas Test in maintenance mode and suggested services would be restored soon, though no timeline was given. A cybersecurity expert warned schools not to engage with the hackers, emphasizing that stolen data could be used for further harassment. ShinyHunters claimed responsibility for the breach, criticizing Instructure for ignoring their previous warnings and applying ineffective security patches. The group stated they had been exploiting vulnerabilities since 19, though no evidence of prior breaches was provided in the message. Instructure’s vague communication has left institutions and students uncertain about recovery timelines or data security risks. The breach underscores growing concerns over cybersecurity vulnerabilities in educational platforms.