The Instructure-owned learning management platform, Canvas, is now online again after it went down following a massive data breach that impacted student names, email addresses, ID numbers, and messages. Before systems were restored, students who attempted to access the system on Thursday saw a message from the hacking group ShinyHunters, which claimed responsibility for the attack:
ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some “security patches.” If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked.
The message included a link to a list of schools ShinyHunter claims to have breached through Canvas.
“Yesterday, Instructure discovered the unauthorized actor involved in our ongoing security incident made changes to the pages that appeared when some students and teachers were logged in. Out of an abundance of caution, we immediately took Canvas offline to contain access and further investigate,” Instructure said in a statement to The Verge. “We regret the inconvenience and concern this may have caused.”
According to Instructure’s status page, Canvas is now available for most users, though Canvas Beta and Canvas Test systems are still in maintainence mode. Instructure is also investigating an issue where some users are having difficulties logging into Student ePortfolios.
“We have confirmed that the unauthorized actor exploited an issue related to our Free-For-Teacher accounts. As a result, we have made the difficult decision to temporarily shut down our Free-For-Teacher accounts,” Instructure said in its statement. The company has not mentioned when those accounts are expected to be restored.
Instructure said last week that it “deployed patches to enhance system security” following the breach. ShinyHunters — which has claimed responsibility for attacks on Ticketmaster, AT&T, Rockstar Games, ADT, and Vercel — said its data leak site contains 9,000 schools, including data belonging to 275 million students, teachers, and other staff, according to Bleeping Computer.
Update, May 7th: Added Instructure’s maintenance mode message.
Update, May 8th: Added statement from Instructure regarding the service being back online.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
- Emma Roth
- Jess Weatherbed
Instagram Engineering
Shopify Engineering