In what is being described as a “global incident,” the Canvas by Instructure learning management system—the digital backbone for millions of students—was crippled by a cyberattack in the middle of finals week. The breach, claimed by the notorious ShinyHunters extortion gang, has forced universities to cancel exams, left students scrambling for grades, and triggered a massive data ransom demand.
By Thursday afternoon, May 7, 2026, tens of thousands of students across North America found themselves staring at “Scheduled Maintenance” screens or, in some cases, the hackers’ own extortion demands displayed directly on login pages.
The Breach: 3.65TB of Stolen Education Data
ShinyHunters claims to have exfiltrated 3.65 terabytes of data from Instructure. This cache reportedly includes:
- 275 Million Personal Messages: Private communications between faculty and students.
- Student Records: Grades, coursework, and personal identification data.
- Institutional Data: A victim list encompassing more than 9,000 schools and universities.
The Deadline: The hackers have issued a chilling ultimatum: individual schools must negotiate a settlement via the TOX messaging protocol by May 12, 2026. If the deadline passes without payment, the group threatens to leak the entire dataset publicly.
Campus Impact: “Might Be Cooked”
The timing of the attack—during the peak of spring semester finals—has created unprecedented academic disruption.
- Boise State University: All final exams scheduled for Friday were canceled. The university informed students that exams would not be rescheduled and grades would not be penalized.
- Ivy League Targets: Harvard, Yale, Princeton, and Columbia appeared on the hackers’ victim list. Students at these elite institutions have been instructed to change passwords immediately.
- Defaced Login Pages: At the University of Pennsylvania, students reported seeing the ShinyHunters extortion message live on their Canvas portal before the system was taken offline for emergency repairs.
“I’m locked out of my exam… the Honorlock access code is no longer working. I might be cooked.” — Student post on X (formerly Twitter)
ShinyHunters: A “Press Statement” from the Dark Web
On May 8, the group posted a mock “press statement” on their leak site. Claiming to be flooded with inquiries from around the world, the group wrote: “We are not commenting and have no further comment to make regarding this global incident.”
This ironic silence follows their claim that Instructure ignored initial negotiations and instead attempted to “quietly” patch the security holes. The group’s reappearance marks their second major breach of Instructure, according to their own statements.
Checklist for Students and Faculty
If your institution uses Canvas, take the following steps to secure your digital identity:
- Reset Your Passwords: Even if your school hasn’t officially announced a breach, change your Canvas and university email passwords immediately.
- Enable MFA: Ensure Multi-Factor Authentication is active on all school-related accounts.
- Watch for Phishing: Expect a wave of targeted phishing emails. Attackers may use stolen “personal messages” to make their scams look more convincing.
- Document Your Work: If you have access, download copies of your submitted assignments and current grades in case the system experiences further downtime.
