Instructure Breach: Hackers Threaten to Leak 8,809 Schools' Data

Key Takeaways

- ShinyHunters claims to have stolen 280 million records from 8,809 schools using Instructure's Canvas platform
- Hackers executed a second breach to deface login portals and issue ransom demands with a May 12 deadline
- Stolen data includes names, emails, student IDs, and user messages, though Instructure says no passwords or financial data was taken
ShinyHunters, the extortion group behind the Instructure breach, claims to have stolen data from 8,809 schools worldwide. The hackers say they have 280 million records from teachers, students, and staff members who use Canvas, Instructure's cloud-based learning management system.
The situation escalated on May 7 when students at multiple universities found their Canvas login pages had been defaced. Instead of the usual portal, they saw a message from ShinyHunters threatening to publish stolen data on May 12 unless Instructure negotiates a settlement.
Two Separate Breaches
ShinyHunters told TechCrunch that the defaced login portals were made possible by a second, separate breach. This means the group penetrated Instructure's systems twice. The first breach involved stealing the actual data. The second gave them access to modify what students see when they try to log in.
BleepingComputer reported that the stolen data ranges from tens of thousands to several million records per institution. The publication did not name specific affected schools.
However, some schools have been publicly identified through student reports. The Harvard Crimson reported that Harvard students lost access to Canvas at 3:30 PM on May 7. The website redirected to ShinyHunters' message claiming the group had breached Instructure "again."
UC Irvine's campus newspaper also reported that students started receiving pop-up notices with the same ransom message on Thursday.
What Data Was Stolen
Instructure confirmed the breach a few days ago. The company admitted that hackers stole:
- Names
- Email addresses
- Student ID numbers
- Messages exchanged between users on the platform
Instructure said it found no evidence that passwords, dates of birth, government identifiers, or financial information were stolen. The messages between users could include private communications between students and instructors, making this category particularly sensitive.
Instructure's Response
The company has rolled out patches for the first incident. After the warning notices started appearing on May 7, Instructure shut down Canvas for hours. This left students unable to access course materials, assignments, and discussion boards during the outage.
Canvas is widely used by educational institutions to host course websites and readings and to grade assignments. An extended outage during the semester affects teaching schedules and student access to materials.
The May 12 Deadline
ShinyHunters has set May 12 as the deadline for Instructure to negotiate. The group's message advised affected schools to push for a settlement if they don't want data from their teachers and students leaked publicly.
It's unclear whether Instructure will negotiate or how individual schools might respond. Paying ransoms to extortion groups is controversial. It can encourage future attacks, but refusing means stolen data often ends up on dark web forums.
Who Is ShinyHunters
ShinyHunters is a well-known extortion group that has been active since at least 2020. The group typically targets cloud-based services and has previously claimed responsibility for breaches at companies including Microsoft, Tokopedia, and AT&T. They often steal data first, then demand payment to prevent its release.
Frequently Asked Questions
What schools were affected by the Instructure breach?
ShinyHunters claims 8,809 schools were affected. Harvard University and UC Irvine have been publicly confirmed. BleepingComputer has not released a full list of affected institutions.
Were passwords stolen in the Canvas data breach?
Instructure says it found no evidence that passwords, dates of birth, government identifiers, or financial information were stolen. The confirmed stolen data includes names, emails, student IDs, and user messages.
What is the May 12 deadline in the Instructure hack?
ShinyHunters has threatened to publicly release stolen data on May 12, 2026, unless Instructure negotiates a settlement with the group.
Is Canvas safe to use after the Instructure breach?
Instructure has rolled out patches and temporarily shut down Canvas to address the security issues. However, the existence of a second breach suggests ongoing security concerns. Users should monitor communications from their institutions.
How many records were stolen from Instructure?
ShinyHunters claims to have stolen 280 million records total, with individual institutions losing anywhere from tens of thousands to several million records each.
Source: Engadget
Huma Shazia
Senior AI & Tech Writer