What is ShinyHunters? Hackers linked to massive Canvas breach affecting schools

The cyber extortion group ShinyHunters has taken responsibility for a major breach of Instructure’s Canvas learning management system, affecting nearly 275 million users worldwide. The attack compromised data from students and teachers at around 9,000 educational institutions, including names, email addresses, student ID numbers, and billions of private messages exchanged on the platform. ShinyHunters, known for targeting large organizations, issued a ‘pay or leak’ ultimatum with a May 6 deadline. The group has previously attacked companies like Salesforce, McGraw Hill, and Infinite Campus. Instructure’s chief information security officer, Steve Proud, confirmed the breach involved identifying user information but noted ongoing investigations. Cybersecurity experts warn the attack highlights a trend where hackers exploit third-party education vendors to compromise multiple institutions simultaneously. Utah, where most K-12 schools use Canvas, is particularly impacted. While direct identity fraud risks remain low for now, experts caution that leaked data could fuel future phishing or social engineering attacks. Authorities are still assessing the full scope of the breach, which has raised concerns about the security of educational data systems globally. The incident underscores the growing threat of cyber extortion groups targeting critical infrastructure like learning platforms.