It’s finals season across many U.S. schools and universities, but for some students and teachers, the already stressful period has been aggravated by a cyberattack on a widely-used learning system that could put at risk the personal information of millions of its users.
Multiple schools have reported that Canvas, a web-based platform by ed-tech firm Instructure that is used for course content, assignments, and grades, went offline on Thursday. According to Instructure, Canvas has more than 30 million active users.
The Harvard Crimson, a student newspaper, reported that around the afternoon, those who accessed the platform were redirected to a message from hackers who identified as ShinyHunters and claimed responsibility for the breach.
“ShinyHunters has breached Instructure (again),” the message reportedly said, which TIME could not independently verify. “Instead of contacting us to resolve it they ignored us and did some ‘security patches.’”
In a statement to TIME Friday, Instructure said that “out of an abundance of caution,” it temporarily took Canvas offline to contain access and further investigate.
“We have confirmed that the unauthorized actor exploited an issue related to our Free-For-Teacher accounts,” the statement read. “As a result, we have made the difficult decision to temporarily shut down our Free-For-Teacher accounts. This gives us the confidence to restore access to Canvas, which is now fully back online and available for use.”
The hackers’ message reportedly came with a link to a text file containing a list of schools it claimed were affected by the breach, and the hackers added that those who wished to prevent the release of data should reach out to them for a settlement. “You have till the end of the day by 12 May 2026 before everything is leaked.”
Instructure had posted on its website late Thursday evening that Canvas was “available for most users,” while its Canvas Beta and Canvas Test platforms remained “in maintenance,” hours after putting all three “in maintenance mode.”
Threat intelligence tracking platform Ransomware.live posted a copy of a previous ransom letter from ShinyHunters to Canvas on May 3, when the group claimed that it had 275 million individuals’ data from nearly 9,000 schools. “This is a final warning to reach out by 6 May 2026 before we leak along with several annoying (digital) problems that’ll come your way,” the message warned.
On May 1, Instructure noted that it had experienced a “a cybersecurity incident perpetrated by a criminal threat actor.” By May 2, the ed-tech firm said the situation had been “contained,” but it disclosed that names, email addresses, student ID numbers, and messages among users, could have been among the information obtained from the breach.
A number of higher-learning institutions across the country, including Harvard, have been severely impacted by the outage and are now in crisis-solving mode.
Some universities resorted to cancelling scheduled exams and coursework deadlines, including Penn State, the University of Illinois, and James Madison University in Virginia. Columbia said it was “working actively with schools to minimize academic disruption, create alternative mechanisms to prepare for and deliver exams, and provide appropriate flexibility during this period.”
Besides flexibility, universities also urged users to be vigilant. Georgetown said to be mindful of unsolicited emails or messages appearing to come from Canvas, particularly those requesting login credentials or personal information. University of Michigan users have been advised to log out of the Canvas platform immediately “out of an abundance of caution.” The University of California said it ordered all its campuses to temporarily block or redirect Canvas access, which will not be restored “until we are confident the system is secure.”
Other schools that have reported similar outages include the University of Chicago, Baylor University in Texas, and the University of Maryland.
What do we know about ShinyHunters?
ShinyHunters took responsibility for the latest attack on Instructure as well as for a similar attack on the firm earlier this month. Luke Connolly, a threat intelligence analyst at the cybersecurity firm Emsisoft, described ShinyHunters to the Associated Press as a loose group of teenagers and young adults based in the U.S. and the United Kingdom. The group is believed to have been formed in 2020 and has been involved in previous high-profile hacking incidents.
In 2024, Ticketmaster owner Live Nation confirmed “unauthorized activity” on its database after ShinyHunters claimed to have stolen the personal details of 560 million customers, including phone numbers and partial credit card details.
The same year, the U.S. Department of Justice announced that 22-year-old French citizen Sebastien Raoult, an alleged member of ShinyHunters, which the DOJ described as a “notorious international hacking crew,” was sentenced to three years in prison and ordered to pay more than $5 million for conspiracy to commit wire fraud and aggravated identity theft. The announcement said Raoult and his co-conspirators hacked companies to steal confidential information and customer records for ransom or sale on the dark web.
Other previous targets of the group include Salesforce, where TIME co-chair and owner Marc Benioff is CEO, AT&T, and Rockstar Games, among others.
Hence then, the article about what to know about the canvas cyberattack that s affected thousands of schools was published today ( ) and is available on Time ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( What to Know About the Canvas Cyberattack That’s Affected Thousands of Schools )
Also on site :
- Heat Warning Issued as 450,000 Told Stay Inside for 60 Hours in California
- UCSD, San Diego State part of widespread attack on Canvas education platform
- Sacramento State caught in nationwide cyberattack targeting online learning platform