π¨ Breaking
π Education
Canvas Hacked: 275 Million Students and Teachers Hit β Billions of Private Messages Threatened
Canvas, the digital platform used by millions of students and teachers worldwide to submit homework, communicate and manage courses, has been hacked. The cybercriminal group ShinyHunters claims to have stolen 3.65 terabytes of data affecting up to 275 million people across nearly 9,000 educational institutions. The deadline: 7 May 2026. If Instructure doesn't pay, everything gets published.
275M
People affected according to ShinyHunters
9 000
Schools affected worldwide
3,65 To
Data stolen + billions of messages
π What is Canvas?
Canvas is the world's most widely used school management platform, developed by US company Instructure. In practice, it's the tool students use to submit homework online, teachers use to post lessons and grades, and everyone uses to send private messages.
Used by more than 8,000 institutions β universities, high schools, colleges β mainly across North America, Europe and Asia-Pacific, Canvas is at the heart of the digital school life of millions of families.
π Timeline of the attack
-
April 30First signs β mysterious outages Instructure detects disruptions to tools using API keys. Students can no longer access certain features.
-
May 1Confirmation β a criminal breached the network Instructure's CISO, Steve Proud, publicly confirms a criminal threat actor breached their network. External forensics experts are called in urgently.
-
May 3ShinyHunters strikes β "FINAL WARNING" The group posts on its dark web site: "FINAL WARNING PAY OR LEAK". They claim 275 million people and billions of private messages.
-
May 4-5Instructure confirms data theft The company admits names, emails, student IDs and private messages were exposed. Services are partially restored.
-
May 7β οΈ DEADLINE β Everything published if no payment ShinyHunters threatens to publish all data if Instructure doesn't make contact. Negotiations are still ongoing.
π What data was stolen?
π¨ Data confirmed stolen by Instructure
- Full names of students, teachers and staff
- Email addresses β personal and institutional
- Student ID numbers
- Private messages exchanged between students and teachers
β
What was NOT stolen according to Instructure
- Passwords
- Dates of birth
- Social security numbers or government identifiers
- Bank details or financial information
π Who are ShinyHunters?
ShinyHunters is one of the most active cybercriminal groups in the world in 2026. Their method: hack companies, steal as much data as possible, then threaten to publish it unless a ransom is paid.
Their 2026 track record is impressive and terrifying:
- February 2026: 6.2 million records stolen from Dutch telecom operator Odido
- March 2026: 350GB of European Commission data published
- March 2026: 11 million students affected via Infinite Campus
- May 2026: Canvas / Instructure β 275 million people
π€ Does your child use Canvas? Here's what to do
β οΈ How to know if their school uses Canvas
- Check if your child accesses lessons via a portal with the Canvas logo (blue background, white C)
- Ask the school whether they use Canvas or Instructure
- Canvas is widely used in American, British and Australian universities, and some European secondary schools
- In the UK: Canvas is used by many universities including Birmingham, Edinburgh and Warwick
π‘ What you should do now
- If your child uses Canvas: change the email password linked to the account
- Enable two-factor authentication on their email
- Watch out for targeted phishing emails using their name and school in the coming weeks
- Talk to them about the risks β their private messages with teachers could be published
- Wait for the official communication from their school
Has your child received a suspicious email related to Canvas?
Describe it to CyberGuard β it'll tell you in seconds whether it's phishing.
π€ Analyse with CyberGuard βπ Complete guide β Protect Your Family Online
30 pages Β· Children, personal data, scams Β· Instant download