ShinyHunters Breaches Instructure Canvas LMS, Exposing User Data

Severity: High (Score: 66.0)

Sources: Cybersecuritynews, Gbhackers

Summary

In May 2026, the hacking group ShinyHunters breached Instructure's Canvas LMS by exploiting the Free-For-Teacher account program. The breach, confirmed by Instructure on May 3, involved unauthorized access detected on April 29, exposing user names, email addresses, student ID numbers, and private messages. ShinyHunters initiated an extortion campaign, threatening to leak the stolen data unless a ransom was paid. Thousands of schools worldwide are affected, with significant data exposure impacting both students and faculty. The incident highlights vulnerabilities in educational platforms and raises concerns about data security in the education sector.

Key Points

  • ShinyHunters exploited Free-For-Teacher accounts to breach Canvas LMS.
  • The breach exposed sensitive data of students and faculty from thousands of schools.
  • An extortion campaign was launched, threatening to leak stolen data if ransom demands were not met.

Key Entities

  • ShinyHunters (apt_group)
  • Data Breach (attack_type)
  • Instructure (company)
  • Canvas LMS (company)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • T1078 - Valid Accounts (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)