Canvas Has Been Hacked, and Is Apparently Being Held for Ransom
The cloud-based learning management system is used by more than 8,000 colleges and universities.
AbJimroe
Stephen Johnson Senior Staff Writer
Experience
Stephen Johnson is a senior staff writer at Lifehacker covering pop culture and technology, including the columns “The Out-of-Touch Adults’ Guide to Kid Culture” and “What People Are Getting Wrong This Week.”
May 7, 2026
Add as a preferred source on Google
Credit: AnnaStills / Shutterstock.com
Key Takeaways
Shinyhunters hacker group has compromised Canvas, the learning management system used by over 8,000 schools and universities. The hackers are demanding ransom by May 12, or data will be released. A past Canvas hack from Shinyhunters did not compromise financial information.Table of Contents
Canvas, the cloud-based learning management system used by more than 8,000 colleges and universities, including all top ten colleges in the U.S., is being held for ransom. A group called Shinyhunters has claimed responsibility for the hack and has given Canvas' parent company, Instructure, until May 12 to reach a settlement, or else "everything is leaked."
Canvas outages have been reported nationwide
There's no word on how many schools have been affected, but reports of students being unable to access Canvas are coming in from universities and colleges all over the country. Over the last half an hour, complaints of Canvas being down have gone from nearly none to over 8,000 on Down Detector.
Credit: Stephen Johnson
A similar breach of Instructure took place in late April or early May, and the company confirmed that names, email addresses, student ID numbers, and private messages exchanged between users were exposed by Shinyhunters, but said there was no evidence of compromised passwords, dates of birth, social security numbers, or financial information.
Instructure updated its software on May 2, saying that it had deployed patches, increased monitoring, and taken other measures meant to contain the damage, a fact referenced by ShinyHunters in the message left for Canvas users:
What do you think so far?
Credit: Stephen Johnson
The hacker group claimed its previous hack added up to over 3 terabytes of data, affecting 275 million students, teachers, and others at close to 9,000 educational institutions. Whether this latest breach will be that large remains to be seen.
What to do if you're affected by the Canvas outage
While the threat is presumably being resolved, here are some steps students and faculty can take to make their digital data more secure on Canvas.
Change your password: If you can log in, change your Canvas password. If you use the same password for banking, email, and other places, change those as well.
Enable Multi-Factor Authentication (MFA): This adds an extra layer of security.
Beware of phishing emails: If email addresses were compromised, hackers may send highly targeted emails to students. Be suspicious of any messages asking you to install software or share account information.
Monitor your credit: It's unknown whether financial information was part of the hack, but giving your credit report a check wouldn't hurt.
The Download Newsletter Never miss a tech story
Jake Peterson
Get the latest tech news, reviews, and advice from Jake and the team.
The Download NewsletterNever miss a tech story. Get the latest tech news, reviews, and advice from Jake and the team.
