A massive disruption in Canvasthe digital learning platform used by more than 30 million users worldwide, has generated chaos in educational institutions in the United States during finals week.
Canvas’ parent company Instructure has been hacked, and the site is being held for ransom after suffering a data breach
Over 9000+ schools have reportedly been affected and ~225 million users worldwide had their personal information potentially compromised pic.twitter.com/UxZ7o8cx6N
— internet hall of fame (@InternetH0F) May 7, 2026
The incident, confirmed as a cyberattack by parent company Instructureforced to temporarily disconnect the service after the appearance of extortion messages on the sites of various universities.
The attack was attributed to the hacker group ShinyHuntersknown for previous high-profile incidents such as data theft from Ticketmaster. According to reports, the group managed to breach the platform by exploiting a flaw related to “Free-For-Teacher” accounts (Free for teachers).
The attack impacted more than 8,000 institutions at a global level. Among the renowned universities that reported the hackers’ message or interruptions were:
ShinyHunters compromised Canvas (to a currently unknown extent) which resulted in a “this system has been compromised” to over 9,000 universities.
As ridiculous as that sounds, I’m not memeing. It has been speculated it is actually over 9,000 universities.
ShinyHunters is… pic.twitter.com/WIBkYGv6bE
— vx-underground (@vxunderground) May 7, 2026
At the school level (K-12), effects in districts of at least 11 statesincluding California, Florida, Georgia, North Carolina, Tennessee, Virginia and Wisconsin.
Instructure reported that although the system was fully restored on Friday morning, certain personal information was exposed.
Although service has been restoredthe magnitude of the leak and the type of academic information involved represent a serious cybersecurity concern. Since it has been confirmed exposing names, emails and internal messagesexperts and authorities recommend the following preventive actions To protect the identity and integrity of accounts: