ShinyHunters Hacker Group Breaches Canvas, Threatens Universities With Massive Data Leak

The hacker group ShinyHunters has resumed cyber extortion activities by targeting Instructure, the company behind the widely used Canvas learning management system. A threatening message appeared on the University of Pennsylvania’s Canvas login page, warning institutions to negotiate privately with the group by May 12, 2026, or face a public data leak. ShinyHunters claimed responsibility for a breach affecting nearly 9,000 educational institutions, including all eight Ivy League schools. The group stated it obtained around 275 million records, including billions of user messages and extensive personal data linked to students, staff, and institutions. The University of Pennsylvania separately reported that over 300,000 lines of its user data had already been compromised. The hackers instructed affected schools to consult with a cyber advisory firm and contact them via the encrypted platform TOX to negotiate settlements before the deadline. This follows a previous breach of Penn’s Graduate School of Education last fall, suggesting an escalation in targeting Instructure and its affiliated institutions. Canvas is a critical platform for assignments, coursework, and student records across the education sector, making the threat particularly alarming. The full scope of the breach and the authenticity of ShinyHunters’ claims remain unverified by independent sources. This incident adds to growing concerns about cybersecurity vulnerabilities in educational systems, where reliance on centralized platforms like Canvas creates significant risks. The group’s demand for private negotiations highlights the high-stakes nature of the extortion campaign.