Canvas school login portals hacked as Instructure hack apparently gets even worse

News
By published

ShinyHunters really wants a pay day

Proactive Cybersecurity Service That Neutralizes Threats Within a Digital Network - Conceptual Illustration
(Image credit: Shutterstock)
  • ShinyHunters briefly hijacked login portals for ~330 institutions, posting ransom demands and threats
  • The group extended its deadline to May 12, warning of full data leaks if no settlement is reached
  • Instructure confirmed the earlier breach but maintains sensitive financial and ID data was not exposed

The Instructure cyberattack has apparently reached a new level as, in order to pressure victims into paying a ransom demand, ShinyHunters has defaced Canvas login portals for hundreds of colleges and universities.

Members of roughly 330 educational institutions were met with an entirely different “welcome” message when trying to log into the Canvas learning system following the next stage of the group's attack.

"ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some 'security patches'," the message said. "If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by May 12 2026 before everything is leaked."

Latest Videos From

Pushing the deadline

The defacement message was reportedly visible for roughly half an hour, before being pulled by Canvas’ team.

Instructure, the company behind the Canvas system, recently notified its users about suffering a cyberattack and losing sensitive customer data. Instructure said the crooks accessed “certain identifying information of users” at affected institutions, including names, email addresses, student ID numbers, and user communications.

At the same time, ShinyHunters added Instructure to their data leak site, claiming the attack affected nearly 9,000 schools and 275 individuals worldwide.

"Several billions of private messages among students and teachers and students and other students involved, containing personal conversations and other PII. Your Salesforce instance was also breached, and a lot more other data is involved."

It seems Instructure wasn’t interested in negotiating with the miscreants, since earlier this week, they updated their site, name-dropped multiple high-profile universities, and pushed the deadline to May 7.

Now, the deadline seems to have been pushed again, this time to May 12.

Passwords, dates of birth, government identifiers, or financial information, were not involved, and the company revoked privileged credentials and access tokens associated with affected systems in order to mitigate the threat.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.