--- title: "Instructure Confirms Canvas Breach as ShinyHunters Lists Stolen Data" date: 2026-05-04 author: "Sofia Ramirez" featured_image: "https://sqmagazine.co.uk/wp-content/uploads/2026/05/instructure-confirms-canvas-data-breach.jpg" categories: - name: "Cybersecurity" url: "/cybersecurity.md" tags: - name: "News" url: "/tag/news.md" --- # Instructure Confirms Canvas Breach as ShinyHunters Lists Stolen Data A major cybersecurity incident at Instructure has exposed user data, with hacker group ShinyHunters claiming responsibility and listing the stolen data online. ## Quick Summary – TLDR: - Instructure confirmed a data breach affecting users of its Canvas platform. - Personal data like names, emails, and student IDs were exposed, along with user messages. - ShinyHunters claims 275 million users were impacted across thousands of institutions. - No evidence of passwords or financial data exposure so far, according to the company. ## What Happened? Instructure disclosed a cyberattack that disrupted some of its services and led to unauthorized access to user data. The company confirmed that personal information and messages were exposed, while an ongoing investigation is being carried out with cybersecurity experts and law enforcement. > JUST IN: ShinyHunters stole 240 million records from Canvas LMS in a cyberattack on Instructure, affecting 15,000 institutions. [pic.twitter.com/HWNsLigzZC](https://t.co/HWNsLigzZC) > > — EinEurope (@EinEurope) [May 4, 2026](https://twitter.com/EinEurope/status/2051181307292422463?ref_src=twsrc%5Etfw) ## Cyberattack Disrupts Services and Exposes Data The incident was first revealed on April 30, when Instructure reported disruptions affecting tools that rely on API keys. The company worked through the weekend to restore services, with access to its Canvas Data platform largely restored by May 3. In a follow up statement, Instructure confirmed that **[cybercriminals](https://sqmagazine.co.uk/cybercrime-statistics/) were behind the attack** and that external forensic experts had been brought in to investigate the breach. The company said it acted quickly to contain the situation and reduce its impact. “**We are working quickly to understand the extent of the incident and actively taking steps to minimize its impact**,” the company said. ## What Data Was Compromised? According to Instructure, the [compromised data](https://sqmagazine.co.uk/data-breach-statistics/) includes: - **Names and email addresses of users**. - **Student ID numbers**. - **Messages exchanged between users, including students and teachers**. The company emphasized that **sensitive data such as passwords, dates of birth, government identifiers, and financial information were not involved** based on current findings. It also noted that impacted institutions would be notified if that assessment changes. ## Security Measures and Response In response to the breach, Instructure implemented several security measures: - **Revoked privileged credentials and access tokens**. - **Rotated application keys and required reauthorization for API access**. - **Deployed patches to fix vulnerabilities**. - **Increased system monitoring to detect further threats**. The company confirmed that the attack has been contained, though investigations are still ongoing. ## ShinyHunters Claims Massive Data Theft Shortly after the breach disclosure, ShinyHunters listed Instructure on its leak site, claiming responsibility for the attack. The group alleges it stole **between 240 million and 275 million records**, totaling around **3.65 terabytes of data**. According to the claims: - **Nearly 9,000 schools worldwide were affected.** - **Data spans up to 15,000 institutions across multiple regions.** - **The dataset includes students, teachers, and staff information.** - **Private conversations and course related data are part of the breach.** - **The company’s Salesforce environment may also have been compromised.** These claims have not been fully verified by Instructure, which has not disclosed the exact number of affected users or institutions. ## Growing Concerns Around Edtech Security The scale of the alleged breach has raised concerns about the security of widely used education platforms. With Canvas being a core system for schools and universities globally, any compromise could have wide reaching implications. ShinyHunters is known for high profile attacks targeting major organizations, often using stolen data for extortion. The group has previously claimed breaches involving large datasets and enterprise systems, including Salesforce environments. ## SQ Magazine Takeaway I think this incident shows how vulnerable even the most widely trusted education platforms can be. When a system like Canvas gets hit, it is not just a technical issue, it directly affects millions of students and teachers who rely on it daily. Even though passwords and financial data were not exposed, the idea of private academic conversations being leaked is worrying. Companies in the education space need to treat cybersecurity as a top priority, not just a backend function.