ShinyHunters cyberattack sparks nationwide alarm after Canvas breach
The cybercrime group ShinyHunters claimed responsibility for a breach of Canvas, an online learning platform used by nearly 9,000 institutions worldwide, threatening to release 3.65 terabytes of data affecting 275 million users unless ransom demands were met by May 12. The attack disrupted access to coursework and exams for universities like Arizona State University and MIT during the final weeks of the spring semester, with Instructure confirming the incident but denying exposure of passwords or financial data.
A cybercrime group called ShinyHunters has taken responsibility for a major breach of Canvas, the online learning platform operated by Instructure and used by thousands of schools and universities across the United States. The attack disrupted access to coursework, exams, and grades for students and faculty during the final weeks of the spring semester, with institutions like Arizona State University and the Massachusetts Institute of Technology reporting outages or warning notices tied to the incident. The group allegedly infiltrated Instructure’s systems, stealing approximately 3.65 terabytes of data, including names, email addresses, student identification numbers, and internal messages from as many as 275 million users across nearly 9,000 institutions worldwide. ShinyHunters demanded negotiations from affected institutions before May 12, displaying ransom-style messages on compromised Canvas login pages. Instructure acknowledged the breach earlier this month but stated there was no evidence that passwords, financial information, birth dates, or government IDs were compromised. The attack caused widespread disruption during final exams and graduation preparations, leaving students temporarily unable to access assignments and grades. Some universities restored service within hours, while others continued assessing potential exposure. Cybersecurity analysts describe ShinyHunters as one of the most active extortion-focused hacking groups, with a history of targeting corporations, universities, and cloud-based software providers. Experts warn that the breach highlights vulnerabilities in centralized cloud platforms used across education systems, where a single attack can disrupt thousands of institutions simultaneously. They urge affected users to change passwords, enable multi-factor authentication, and remain vigilant for phishing attempts, as stolen data is often used in identity theft and credential-harvesting scams. Federal authorities have not announced arrests related to the incident, and the full scope of the breach remains under investigation. Schools across the country are monitoring systems for further disruptions, with the attack marking one of the largest education-related data security incidents in recent years.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.