04.05.2026
3 min
186
Hacking group ShinyHunters has announced a large-scale breach of Instructure’s Canvas education platform, claiming to have compromised the data of hundreds of millions of students and teachers around the world.
According to Shiny Hunters (a hacking group), this breach may affect almost 9,000 institutions around the globe and about 275 million individuals.
Initially reported last week, yesterday Instructure officially announced that user data had been exposed. That data included names, email addresses, student identification numbers and private communications between students, instructors and other users within the system.
Although Instructure stated that the investigation into the breach continues, “there are currently indicators that the information in question consists of certain personally identifiable information of users at the relevant institutions, such as names, email addresses, and student ID numbers, as well as messages between users,” according to a statement made by the organization.
Instructure further explained that it does not believe sensitive information was accessed. Specifically, the organization stated that no passwords, dates of birth, government issued I.D.s or financial information were obtained by the hackers.
Once aware of the breach, Instructure immediately took several steps to protect customers’ systems, including implementing technical patches; increasing system monitoring; rotating software keys; and requiring each customer to re-authenticate access to the API so that they can receive new keys.
A representative of Shiny Hunters reportedly claimed that the attack on Instructure resulted in access to more than 240 million records related to students, faculty and staff from close to 15,000 institutions across North America, Europe and East Asia/Oceania. They also allegedly hacked an instance of Salesforce being utilized by Instructure.
Shiny Hunters is responsible for many highly publicized breaches. The hacking group has been connected to past hacks against notable companies like Google, AT&T and Air France-KLM. Many of these hacks occurred because of vulnerabilities in software applications or because Shiny Hunters gained unauthorized access to Salesforce-based environments. Last year, Shiny Hunters apparently stole 1.5 billion records from greater than 760 organizations. More recently, they leaked data related to Red Hat via their own leak-site. Researchers who study cyber threats refer to the model that Shiny Hunters utilizes as a “ransomware-as-a-service” model.
However, neither the extent of this breach nor when it actually occurred have been independently confirmed. Instructure did not respond to inquiries regarding the specific date of the breach or if extortion was involved. An investigation is underway involving third-party cybersecurity professionals and law enforcement agencies.
