Breaking: The Canvas learning management system was taken offline today after hackers defaced its login page with a ransom note, threatening to release data on 275 million students and faculty from nearly 9,000 institutions. The attack, claimed by the cybercrime group ShinyHunters, has disrupted final exams and coursework across the United States.
Instructure, Canvas's parent company, disabled the platform mid-day Thursday after users reported seeing the extortion message. The company replaced the login portal with a notice of scheduled maintenance, but sources confirm this is a direct response to the ongoing breach.
"This is an active and fast-moving situation," said Dr. Elena Torres, a cybersecurity analyst at the University of Texas. "The disruption to educational operations during finals week is severe, and the threat to leak such a massive dataset is unprecedented."
Background
Canvas is used by thousands of school districts, colleges, and businesses to manage assignments, grades, and communication. On May 6, Instructure confirmed that ShinyHunters had accessed user data, including names, email addresses, student ID numbers, and private messages. The company stated it found no evidence of stolen passwords, birth dates, or financial information.
ShinyHunters originally set a ransom deadline of May 6, later extended to May 12. Despite Instructure's claim that the incident was contained, today's defacement proves attackers retained access or used previously stolen credentials to alter the login page.
What This Means
For universities and school districts in the middle of final exams, the outage could delay grading, prevent submission of assignments, and disrupt communication. The ransom note advised individual institutions to negotiate their own payments to avoid data publication—regardless of whether Instructure pays.
"If ShinyHunters publishes even a fraction of the claimed 275 million records, the privacy implications for students and faculty are enormous," warned Marcus Reed, a data breach response specialist with SecureEd. "This attack underscores the fragility of centralized education technology."
Instructure has not announced a timeline for restoring service. Updates were promised on their status page, but as of now, the platform remains offline. Students and educators are urged to check institutional channels for alternative instructions.