ShinyHunters defaced Canvas login pages at multiple schools with an extortion message, threatening to publish stolen data on May 12 unless Instructure negotiates.
Key Takeaways
This is a second, separate breach from the Tuesday disclosure; ShinyHunters injected an HTML file altering Canvas login screens at three confirmed schools.
Original breach allegedly affected ~9,000 schools worldwide with data on 231 million people, including student names, emails, and teacher-student messages.
Hackers are escalating pressure by defacing customer-facing portals and directly notifying press, a classic extortion ramp-up tactic.
Instructure’s site showed intermittent “too many requests” errors and a “scheduled maintenance” notice during the incident.
ShinyHunters declined to explain the attack vector, only confirming it is distinct from the first intrusion.
Hacker News Comment Review
No substantive HN discussion yet; the single comment redirects to a parallel HN thread where discussion is consolidating.
