Canvas is down as ShinyHunters threatens to leak schools' data
ShinyHunters ransomed Instructure’s Canvas LMS mid-finals week, taking down the platform used by thousands of schools and exposing data on 275 million students, teachers, and staff.
What Matters
- ShinyHunters set a May 12, 2026 deadline before leaking data from 9,000 schools; Instructure had already patched without paying.
- Breached data includes student names, email addresses, ID numbers, and messages.
- ShinyHunters previously hit Ticketmaster, AT&T, Rockstar Games, ADT, and Vercel.
- Instructure’s status page listed Canvas, Canvas Beta, and Canvas Test as unavailable with no substantive breach disclosure.
- [HN: @blahedo] A university faculty member mid-finals reported Canvas down at 5:17 PM EDT; students couldn’t resubmit work because artifacts lived only inside Canvas.
- [HN: @kelnos] MIT recently abandoned its homegrown LMS for Canvas; the build-vs-buy pendulum has swung hard toward buy, leaving schools exposed to single-vendor outages.
- [HN: @tptacek] UIUC biochem PhD program cancelled all finals; tptacek’s son called it good news.
