ShinyHunters Canvas/Instructure breaches escalating (second major attack)
Key Questions
What is the latest ShinyHunters attack on Instructure Canvas?
ShinyHunters launched a second major attack on Instructure Canvas in early May 2026, causing outages, including at CU Boulder, and threatening to leak data. The group is demanding a ransom by a deadline, an escalation from prior breaches. The incident affects Canvas, a widely used learning management system.
What data is at risk in the Instructure Canvas breach?
The breach puts 280 million PII records and 6.65TB of data from 9,000 schools and 275 million users at risk. ShinyHunters threatens full exposure if the ransom is not paid. Educational institutions face significant student privacy concerns.
Why is this considered a second major attack by ShinyHunters?
ShinyHunters previously targeted Instructure, and this early May 2026 incident marks their second major escalation on Canvas. It follows patterns seen in attacks such as the one on NVIDIA and other high-profile breaches. The group is known for ransom-driven data leaks in edtech.
What impacts have been observed from the Canvas breach?
Canvas experienced downtime, including probes taking CU Boulder offline, disrupting learning platforms. Instructure confirmed the significant security breach affecting its Canvas Learning Management System. This reveals vulnerabilities in education technology and third-party cybersecurity.
What should organizations do in response to the Canvas breach?
Edtech users must inventory Canvas usage, rotate credentials immediately, and monitor for data leaks. Enhance third-party risk management given the scale affecting 275 million users. Prepare for potential PII exposure and strengthen student privacy measures.
Summary: ShinyHunters launched a second major attack on Instructure Canvas in early May 2026 (CU Boulder offline probe; 280M PII records, 6.65TB of data, 9k schools and 275M users at risk; ransom deadline), following prior escalations. Inventorying Canvas usage and rotating credentials are critical for edtech.