A screenshot taken and shared by a reader showing the extortion message that was shown on the Canvas login page today. The message reads: ShinyHunters has breached Instructure (again.) Instead of constacting us to resolve it they ignored us and did some "security patches." If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at Tox to negotiate a settlement. You have until the end of the day by May 12 2026 before everything is leaked."

Notices where this attachment appears

1. Embed this notice
   BrianKrebs (briankrebs@infosec.exchange)'s status on Friday, 08-May-2026 12:29:04 JST BrianKrebs

   New, from me: Canvas Breach Disrupts Schools and Colleges Nationwide

   "An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions."

   "Canvas parent firm Instructure [NYSE:INST] responded to today's defacement attacks by disabling the platform, which is used by thousands of schools, universities and businesses to manage coursework and assignments, and to communicate with students."

   Lots more here:

   https://krebsonsecurity.com/2026/05/canvas-breach-disrupts-schools-colleges-nationwide/

   #canvas #breach #shinyhunters #instructure