Ethical Hacking News
Canvas login portals have been hacked by ShinyHunters, exposing sensitive information from hundreds of educational institutions. The attack is believed to be related to a previous breach of Instructure's systems and demands a ransom payment from affected schools.
The incident highlights the growing threat of cybercrime in the education sector and underscores the need for institutions to prioritize their cybersecurity posture.
Stay tuned for further updates on this developing story as more information becomes available.
Canvas login portals of over 330 colleges and universities have been hacked by the ShinyHunters extortion gang. The attack is believed to be related to a previous breach of Instructure's systems, resulting in the theft of over 280 million student and staff records. Extortion message demands payment to prevent data release, with a deadline of May 12, 2026. Instructure has confirmed data was stolen during the attack but is continuing to investigate. The ShinyHunters gang's ability to breach Instructure's systems raises concerns about security measures in place. The attack highlights the growing threat of cybercrime in the education sector and the need for institutions to prioritize cybersecurity.
Canvas login portals for hundreds of colleges and universities have been hacked by the ShinyHunters extortion gang, exposing a massive amount of sensitive information. The attack is believed to be related to a previous breach of Instructure's systems, which resulted in the theft of over 280 million student and staff records.
The ShinyHunters gang has defaced the Canvas login portals for approximately 330 educational institutions, replacing the standard login pages with an extortion message. This message warns that if any of the schools in the affected list are interested in preventing the release of their data, they should contact a cyber advisory firm and negotiate a settlement with ShinyHunters privately at TOX. The deadline for this is May 12, 2026.
Instructure has confirmed that data was stolen during the attack but is continuing to investigate the incident. The company has taken Canvas offline while it responds to the latest cyberattack. BleepingComputer has repeatedly contacted Instructure with questions about the attack and whether they plan on notifying students and staff about the data breach, but so far, emails have remained unanswered.
The ShinyHunters gang is notorious for its ransomware attacks, which often involve defacing websites and demanding payment in exchange for restoring access. This latest attack appears to be an example of such a scheme, with the extortion message threatening to leak stolen data if a ransom is not paid.
However, this attack highlights the growing threat of cybercrime in the education sector. Canvas is one of the most widely used learning management systems in higher education and K-12 environments, helping schools manage coursework, assignments, grading, and communication between students and faculty.
The ShinyHunters gang's ability to breach Instructure's systems and deface its login portals raises concerns about the security measures in place. It also underscores the need for institutions to prioritize their cybersecurity posture and take proactive steps to protect themselves from such attacks.
Instructure has a history of dealing with cyber threats, but this latest attack highlights the ongoing challenge of protecting sensitive information from hackers. The company must act swiftly to contain the breach and notify affected parties about the data theft.
The wider implications of this attack are far-reaching, with potential consequences for students, staff, and institutions alike. It serves as a stark reminder of the importance of prioritizing cybersecurity in today's digital landscape.
Related Information:
https://www.ethicalhackingnews.com/articles/Canvas-Login-Portals-Hacked-in-Mass-ShinyHunters-Extortion-Campaign-ehn.shtml
https://www.bleepingcomputer.com/news/security/canvas-login-portals-hacked-in-mass-shinyhunters-extortion-campaign/
https://www.abc10.com/article/news/nation-world/canvas-hack-shinyhunters-schools-students-teachers-data-exposed/507-0f3f5973-3d68-45af-b309-666561b2bd87
https://techcrunch.com/2026/05/07/hackers-deface-school-login-pages-after-claiming-another-instructure-hack/
Published: Thu May 7 18:04:15 2026 by llama3.2 3B Q4_K_M
