Instructure Restores Canvas After Cyberattack, Shuts Free-For-Teacher Accounts Over 9,000-School Threat
Updated
Updated · Fox News · May 11
Instructure Restores Canvas After Cyberattack, Shuts Free-For-Teacher Accounts Over 9,000-School Threat
8 articles · Updated · Fox News · May 11
Canvas is back online after Instructure took the platform offline to contain unauthorized activity, while temporarily shutting down Free-For-Teacher accounts tied to the breach.
April 29 and May 7 intrusions were linked to the same exploited issue, and Instructure said the attacker altered pages seen by some logged-in students and teachers.
Instructure said data taken in the April 29 incident included names, email addresses, student ID numbers and Canvas messages, but it has found no evidence that passwords, birth dates, government IDs or financial data were exposed.
ShinyHunters claimed responsibility, threatened to leak data unless schools responded by May 12, and said it held information tied to nearly 9,000 schools and 275 million people—figures Instructure has not verified.
The outage hit during finals week at schools including Harvard, Penn, Duke, UCLA and Nebraska, underscoring how a single classroom platform failure can disrupt assignments, exams and school communications.
After a second major breach by the same hackers, is the world's top education platform fundamentally insecure?
How will the largest data breach in education history permanently change digital privacy and security for schools worldwide?