TLDR
-
ShinyHunters ransomware group took down Instructure’s Canvas LMS, threatening to leak data from 9,000 schools and 275 million users by May 12.
Key Takeaways
-
Canvas, Canvas Beta, and Canvas Test are all unavailable; Instructure’s status page confirms active investigation.
-
Breach exposed student names, email addresses, ID numbers, and messages across thousands of institutions.
-
ShinyHunters claims Instructure ignored prior contact and that “security patches” deployed last week were insufficient.
-
Deadline set for May 12, 2026; schools directed to contact ShinyHunters via TOX to negotiate.
-
ShinyHunters has prior confirmed attacks on Ticketmaster, AT&T, Rockstar Games, ADT, and Vercel.
Hacker News Comment Review
-
No substantive HN discussion yet.
Original | Discuss on HN
