Canvas, the popular learning platform used by millions of students, went offline Thursday after hackers called ShinyHunters took control of the system. The group is threatening to release stolen student data unless their demands are met.
This isn’t just another tech glitch. ShinyHunters successfully grabbed student names, email addresses, ID numbers, and private messages from the platform. When students tried to log in, they saw a message directly from the hackers instead of their usual homepage.
Second Time’s the Charm
What makes this particularly embarrassing for Canvas owner Instructure is that ShinyHunters has done this before. The hacking group specifically mentioned this is their second successful breach of the same company, suggesting Canvas never fully fixed the security holes from the first attack.
ShinyHunters is known for stealing data from major companies and either selling it on the dark web or holding it for ransom. They’ve previously targeted Microsoft, AT&T, and dozens of other big names. Their typical playbook involves stealing sensitive information, then giving companies a deadline to pay up or face public data dumps.
Canvas serves over 30 million students and teachers worldwide, making this one of the larger education data breaches in recent years. The timing couldn’t be worse, as many schools are in the middle of final exams and end-of-semester activities that rely heavily on the platform.
What Happens Next
Instructure hasn’t said whether they plan to negotiate with the hackers or when Canvas might be back online. Students and teachers are stuck waiting while their assignments, grades, and course materials remain locked away behind the hackers’ demands.
