ewsba.se
(RTTNews) - Instructure (INST), the company behind the popular Canvas platform, has confirmed a serious cyberattack connected to the hacking group ShinyHunters, which has led to the exposure of data for millions of students and educators around the globe.
This breach started on April 30, 2026, when hackers took advantage of a vulnerability to gain unauthorized access to Instructure's systems. In response, the company temporarily shut down certain parts of its services, including Canvas Data 2 and Canvas Beta, which disrupted various integrations and third-party applications used by educational institutions.
According to Instructure, the compromised data includes names, email addresses, student ID numbers, and private messages exchanged between users. Fortunately, the company noted there's currently no sign that passwords, financial data, government IDs, or birth dates were part of the breach.
ShinyHunters has claimed to have stolen 3.65 terabytes of data, which supposedly includes around 275 million records, featuring billions of private messages between students and teachers. The hackers also mentioned they accessed Instructure's Salesforce environment.
Several prominent universities, like the University of Oxford, University of Cambridge, Harvard, Stanford, and the University of Melbourne, have reportedly been affected.
To respond to this incident, Instructure said it has rotated application keys, revoked privileged credentials, and reset access tokens to limit the breach and prevent further unauthorized access.
Cybersecurity experts are raising concerns that even though passwords and banking info weren't exposed, the leaked personal data and private communications could potentially be exploited in phishing attacks and scams targeting students and faculty.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
This data feed is not available at this time.