Global Learning Platform Canvas Hacked Affecting 275 Million Users

The cybercrime group ShinyHunters has breached the Canvas learning management system, stealing 3.65 terabytes of data from an estimated 275 million users across 9,000 global educational institutions and demanding a ransom payment by May 12, the NYT reports.
The security breach culminated in a widespread global outage on Thursday, leaving thousands of schools and universities completely locked out of the platform. Students attempting to log in were instead confronted with a message from the hackers threatening to publicly leak the stolen information if the platform’s parent company, Instructure, fails to negotiate.
Widespread academic disruption
Canvas is heavily utilised by major academic institutions worldwide, including Harvard University, Stanford University and the University of Sydney. The platform’s sudden outage has caused severe disruptions to academic schedules right in the middle of crucial exam periods.
Students have been entirely cut off from coursework, assignment submission portals and essential study materials. In response to the crisis, several universities have been forced to cancel scheduled tests, extend assessment deadlines and instruct teaching staff to communicate directly with students via alternative email channels.
Extensive data theft
ShinyHunters claims to have accessed the private records of hundreds of millions of individuals. According to preliminary investigations confirmed by Instructure, the compromised data includes user names, email addresses, student identification numbers and billions of internal Canvas messages exchanged between students and staff.
Instructure has stated that there is currently no evidence to suggest that highly sensitive data such as passwords, dates of birth, government identification numbers or financial records were exposed in the attack.
Ongoing recovery efforts
The hackers have issued a strict "pay or leak" ultimatum to Instructure. In response, the company has reportedly refused to negotiate with the threat actors and is actively working with law enforcement agencies and external forensic experts to assess the full scope of the breach.
To contain the incident, Instructure has revoked affected credentials, rotated application keys and deployed security patches. While Canvas services have slowly begun to return online for some users, the company warned that individuals using integrated third-party tools may continue to experience authorisation issues.