Instructure Canvas hack update: Breach involved a specific teacher account type and interrupted finals

Source: Mashable Tech

Overview

The hacking collective ShinyHunters disrupted the Instructure Canvas platform twice within a few weeks, coinciding with school finals at many affected institutions.

First breach (April 30)

• Instructure, the edtech company behind Canvas, temporarily went offline on April 30.
• The next day, Instructure confirmed that a “criminal threat actor” was behind a data breach into its systems.
• ShinyHunters claimed to have stolen data from 275 million Canvas users at nearly 9,000 schools worldwide. The compromised information included usernames, email addresses, student IDs, and private messages. No passwords or other highly sensitive data were reported as taken, but some of the affected users were underage students.

Response:
Instructure revoked the attackers’ access, implemented fixes, and restored Canvas to online status.

Second breach (one week later)

• ShinyHunters announced a second attack, compromising school‑specific login pages and defacing them with threats to release the previously stolen data unless Instructure agreed to “negotiate a settlement.”
• The ransomware group is known for extorting victims after a breach.
• Canvas went offline again. When it returned, Instructure had removed the source of the second incident: Free‑For‑Teacher accounts.

According to Instructure’s updated incident page, the company identified “a vulnerability regarding support tickets in our Free for Teacher environment that was exploited.”

“We temporarily disabled Free for Teacher while we complete a full security review. We know that’s disruptive, and we didn’t make that call lightly. But keeping the entire Canvas platform secure has to come first.” – Instructure

No additional data was reported stolen in the second breach, but the timing severely impacted students during finals.

Impact on students and faculty

• As reported by PCMag, “students and professors struggled to access the online platform used to submit assignments and tests.”
• A parent of a Seton Hall University student shared an email from the school acknowledging the disruption during finals.

“We know the timing of this is hard. Finals are underway, coursework is due, and Canvas being offline right now is genuinely disruptive.” – Seton Hall University

• Baylor University in Texas postponed final exams on May 8, 2026, due to Canvas access issues.

“With Canvas down at the national level, Baylor University will delay final exams tomorrow (Friday, May 8, 2026).” – Baylor University

Search trends

Data from Alliance Risk Trends showed that Google searches for “canvas hacked” and “canvas down” spiked roughly 1,000 % on the Friday following the incidents, with a combined search volume exceeding 1 million.

Current status

Canvas is now back online. However, ShinyHunters has set a “settlement” deadline to release the stolen data on May 12, 2026, which remains pending.