Key Takeaways

- Instructure reached a deal with ShinyHunters after hackers stole data on 280 million Canvas users
- The FBI advises against paying ransoms but Instructure proceeded anyway
- ShinyHunters provided 'shred logs' as proof of data destruction
Education technology company Instructure has paid hackers to retrieve stolen customer data, directly contradicting FBI guidance on ransomware payments. The company announced it "reached an agreement" with hacker group ShinyHunters, which had breached its Canvas learning management system earlier this month.
The breach exposed names, email addresses, and private messages belonging to approximately 280 million Canvas users. ShinyHunters had threatened to leak the data if Instructure didn't respond by May 12.
What Instructure Got in Return
According to TechCrunch, Instructure received the stolen data back along with what the company calls "digital confirmation of data destruction (shred logs)" from ShinyHunters. The hackers also promised that "no Instructure customers will be extorted as a result of this incident, publicly or otherwise."
Instructure has not disclosed the financial terms of the agreement. A previous version of the company's security update, reported by the BBC, stated: "While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible."
FBI Says Don't Pay
The FBI's position on ransomware payments is unambiguous. The bureau "does not support paying a ransom in response to a ransomware attack," according to its official guidance. Last week, the FBI's Cyber Division posted directly about the Canvas breach on X.
"If you are contacted directly by anyone claiming to have your data, we recommend you not send payment or respond to their demands," the FBI wrote.
The logic behind this advice is straightforward. Paying ransoms funds criminal operations and provides no guarantee hackers will honor their promises. A criminal who breaks into systems for profit has little incentive to keep their word once paid.
ShinyHunters' Recent Targets
The Canvas breach wasn't ShinyHunters' only recent attack. The group claims to have breached Nvidia's GeForce Now service, saying it "pulled their entire database straight from the backend."
Last month, ShinyHunters also targeted Rockstar Games, demanding ransom related to GTA 6. That threat fizzled when it became clear the hackers didn't have much valuable data to leak.
What Happens Next
Instructure's latest security update doesn't explain why leadership chose to negotiate with criminals despite FBI guidance. The company says it will provide more details in an upcoming webinar covering "information about the cyber attack and our activities to harden the system."
This was actually ShinyHunters' second breach of Instructure's systems. That repeat attack raises questions about the company's security practices that a webinar may struggle to answer.
Logicity's Take
Frequently Asked Questions
How many users were affected by the Canvas data breach?
Approximately 280 million Canvas users had their names, email addresses, and private messages potentially exposed in the ShinyHunters breach.
Did Instructure pay a ransom to ShinyHunters?
Instructure confirmed it "reached an agreement" with ShinyHunters but has not disclosed the financial terms. The company received the stolen data back along with proof of data destruction.
What does the FBI say about paying ransomware demands?
The FBI explicitly advises against paying ransoms, stating it "does not support paying a ransom in response to a ransomware attack" and recommends not responding to hacker demands.
Who is ShinyHunters?
ShinyHunters is a hacker group that has recently targeted Instructure's Canvas platform, Nvidia's GeForce Now, and Rockstar Games. The group exfiltrates data and demands ransoms from victims.
Need Help Implementing This?
Source: PCGamer latest
Manaal Khan
Tech & Innovation Writer
Produced with AI assistance and reviewed by the Logicity editorial team. Learn more in our Editorial Policy.
Related Articles
More in Gaming
WWE WrestleMania 42 Power Rankings: The 10 Best Wrestlers Heading Into Las Vegas
With WrestleMania 42 just days away in Las Vegas, the WWE roster is stacked with talent firing on all cylinders. From Liv Morgan's Royal Rumble redemption to Oba Femi's explosive main roster debut, here's who's dominating the business right now.

Spider-Man Beyond the Spider-Verse First Images: Sony Drops Fresh Look at the Spider-Verse Finale
Sony just gave us our first real look at Spider-Man: Beyond the Spider-Verse with four new images and fresh footage from CinemaCon 2026. The final chapter of the Oscar-winning trilogy shows Miles Morales on the run, hunted by the Spider Society, and racing to save his family. Mark your calendars for June 18, 2027.

Sony Pictures CEO Tom Rothman Tells Cinemas to 'Get Off the Ad Crack' at CinemaCon 2026
Sony Pictures chairman Tom Rothman delivered a blunt message to theater operators at CinemaCon 2026, urging them to cut back on the endless pre-show trailers and ads. His argument? Moviegoers are already planning to show up 30 minutes late just to skip the whole mess. The comments came during Sony's showcase, which also teased upcoming films like the live-action Zelda movie and a Helldivers adaptation starring Jason Momoa.


