Hackers deface school login pages after claiming another Instructure hack
Source: TechCrunch
Defaced login pages
TechCrunch observed a message posted by the cyber‑crime group ShinyHunters on the Canvas login pages of three separate schools. The defacement involved injecting an HTML file that altered the login screens to display the hackers’ note.
The note warns that the stolen data will be published on May 12 unless Instructure “negotiate a settlement.”
Current status
- Instructure’s main website was partially online, intermittently returning a “too many requests” error.
- The Canvas portal displayed a notice stating it was “currently undergoing scheduled maintenance.”
- Instructure did not immediately respond to TechCrunch’s request for comment.
Hacker claims and motivation
ShinyHunters previously claimed responsibility for the original breach, publicizing it on their leak site to pressure Instructure into paying a ransom. By notifying TechCrunch about the new defacements, the group appears to be intensifying pressure on Instructure and its customers.
A ShinyHunters member told TechCrunch they could not comment on specifics but confirmed this was a “second, separate breach.”
Scope of the original breach
- The hackers claimed to have stolen data from nearly 9,000 schools worldwide.
- The compromised files allegedly contain information on 231 million people.
Pattern of activity
- Hack the target.
- Publicize the breach (often via a leak site).
- Extort the victim for payment to prevent data release.
References
- Instructure data breach announcement: https://techcrunch.com/2026/05/05/hackers-steal-students-data-during-breach-at-education-tech-giant-instructure/
- ShinyHunters tag on TechCrunch: https://techcrunch.com/tag/shinyhunters/