Canvas Data Breach and Extortion Attack by ShinyHunters

56% confidence

Description

A data extortion attack by the cybercrime group ShinyHunters targeted Instructure's Canvas platform, leading to a defaced login page with a ransom demand. The breach exposed identifying information of 275 million users across 9,000 institutions, including names, email addresses, student IDs, and messages. Instructure confirmed the incident was contained but later faced renewed disruptions as ShinyHunters pushed ransom deadlines.

Affected Products

Vendor	Product	Versions
instructure	canvas	—

Related News (8 articles)

Tier D

BleepingComputer6h ago

Instructure confirms hackers used Canvas flaw to deface portals

→ No new info (linked only)

Tier D

Infosecurity Magazine11h ago

ShinyHunters Escalates Canvas Extortion with School by School Ransom Campaign

→ No new info (linked only)

Tier D

Infosecurity Magazine12h ago

Zara Data Breach Impacts Nearly 200,000 Customers

→ No new info (linked only)

Tier C

Krebs on Security3d ago

Canvas Breach Disrupts Schools & Colleges Nationwide

CISA KEV❌ No

Actively exploited✅ Yes

PublishedMay 8, 2026

Last enriched3d ago

Community Vote

0 upvotes0 downvotes

No votes yet

Canvas Data Breach and Extortion Attack by ShinyHunters

Description

Affected Products

Related News (8 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline