Security

• Unraveling the Canvas Hack

  May 7, 2026 · securityfoss

  Roughly 9,000 educational institutions across the world have been affected by a large cyberattack mounted against Instructure, the parent company of Canvas LMS. Anyone who tried to login to their student portal this morning was greeted with the following message¹:

  SHINYHUNTERS
  rooting your systems since '19 ;)
  ShinyHunters has breached Instructure (again).
  Instead of contacting us to resolve it they ignored us and did some "security patches".
  
  ⚠ WARNING
  If any of the schools in the affected list(*) are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by
  12 May 2026 before everything is leaked.
  
  Instructure still has until EOD 12 May 2026 to contact us.
  
  ▼ DOWNLOAD AFFECTED_SCHOOLS.TXT ▼
  91.215.85.103/pay_or_leak/ instructure_affected_schools_list.txt
  visit us: shnyhntww34phqoa6dcgnvps2yu7dlwzmy5
  Ikvejwjdo6z7bmgshzayd.onion
  

  Note

  The full list of affected institutions (reportedly 8,809) includes major institutions like UC Berkeley, Penn, and Duke. You can find the claimed list here: https://databreaches.net/wp-content/uploads/Claimed-Victims-of-Canvas-Cyber-Incident.txt