Darkreading
Instructure's Canvas LMS Faces Dual Cyberattacks by ShinyHunters
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Instructure's Canvas learning management system was compromised twice by the ShinyHunters cybercriminal group in May 2026, affecting over 30 million students across 9,000 educational institutions. The initial breach occurred on April 29, 2026, leading to the exposure of user data, including names and emails. Instructure claimed to have resolved the issue by May 6, but a subsequent attack on May 7 resulted in a ransom demand and the threat of releasing 3.65 terabytes of sensitive data. The House Committee on Homeland Security has requested Instructure's CEO to testify regarding the incidents and the company's cybersecurity measures. Lawmakers are particularly concerned about the company's ability to manage vulnerabilities and the potential ransom payment. The second attack exploited cross-site scripting (XSS) vulnerabilities, raising alarms about the security of educational technology platforms. Instructure stated that no customers would be extorted as a result of the incident, claiming that the stolen data was returned.
Key Points: • Instructure's Canvas LMS was hacked twice by ShinyHunters, impacting 30 million students. • The first breach revealed user data, while the second attack involved a ransom demand. • Lawmakers are investigating Instructure's cybersecurity response and vulnerability management.