Cyberattack on Canvas: Data breach of students and faculty
8 may 2026 в 18:37
Canvas is a cloud-based learning management system operated by Instructure, used by schools and universities for assigning tasks, grading, conducting quizzes and exams, messaging, and accessing educational materials. The platform has over 30 million active users worldwide and is utilized by more than 8,000 educational institutions.
According to reports, the cyberattack was carried out by a group of hackers known as ShinyHunters, who claimed to have breached systems related to Canvas and gained access to the data of millions of students, teachers, and staff. Users attempting to log in during the outage were reportedly redirected to ransom messages demanding payment to prevent data leaks.
Instructure reported that the hackers exploited a vulnerability related to «Free-For-Teacher» accounts. The company later confirmed that some customer data, including names, email addresses, student ID numbers, and user messages, may have been accessible, although there were reportedly no indications that passwords or financial information had been compromised.
Canvas experienced widespread outages on May 7, 2026, leaving students and instructors without access to educational materials, exams, and grades during finals week. Universities across the country, including Harvard, Georgetown, Columbia, and Rutgers, alerted students about the breaches, and in some cases, adjusted exam schedules or deadlines.
By the end of May 7 and into May 8, Instructure reported that Canvas had been restored for «most users», - although some systems—including certain testing and beta environments—remained under maintenance while the investigation continued
According to reports, the cyberattack was carried out by a group of hackers known as ShinyHunters, who claimed to have breached systems related to Canvas and gained access to the data of millions of students, teachers, and staff. Users attempting to log in during the outage were reportedly redirected to ransom messages demanding payment to prevent data leaks.
Instructure reported that the hackers exploited a vulnerability related to «Free-For-Teacher» accounts. The company later confirmed that some customer data, including names, email addresses, student ID numbers, and user messages, may have been accessible, although there were reportedly no indications that passwords or financial information had been compromised.
Canvas experienced widespread outages on May 7, 2026, leaving students and instructors without access to educational materials, exams, and grades during finals week. Universities across the country, including Harvard, Georgetown, Columbia, and Rutgers, alerted students about the breaches, and in some cases, adjusted exam schedules or deadlines.
By the end of May 7 and into May 8, Instructure reported that Canvas had been restored for «most users», - although some systems—including certain testing and beta environments—remained under maintenance while the investigation continued
© Zhinobaeva Margarita












