The education technology platform Canvas, owned by Instructure, faced significant service disruptions after the cybercrime group ShinyHunters defaced its login page to demand ransom for stolen user data.

Key Points

• The cyberattack targeted 275 million student and faculty records across approximately 9,000 educational institutions.
• Instructure took the Canvas platform offline on May 7, citing "scheduled maintenance" after hackers replaced the login portal with ransom demands.
• Stolen data includes names, email addresses, student IDs, and internal messages, though Instructure claims no passwords or financial information were compromised.
• Security researchers suggest this is the third breach of Instructure by ShinyHunters in eight months, following a pattern of escalating attacks.
• Instructure has permanently disabled "Free-for-Teacher" accounts to address the specific vulnerability exploited by the attackers.

Why it Matters

This incident highlights the severe systemic risks posed when critical educational infrastructure becomes a target for persistent data extortion campaigns. The disruption during final exam season underscores the vulnerability of academic institutions that rely on centralized platforms for essential coursework and communication.