Instructure Reaches Deal with ShinyHunters to Prevent Canvas Data Leak

Instructure's Canvas LMS was breached by the ShinyHunters group in April–May 2026, resulting in the theft of approximately 275 million student records (~3.65 TB) that included PII and private teacher-student messages; attackers also defaced login pages at ~330 schools and disrupted services. The group exploited a vulnerability in 'Free for Teacher' support-ticket handling, initially demanded payment, then provided 'shred logs' claiming deletion of data after an agreement with Instructure; the company has disabled affected accounts and is investigating while warning users to remain vigilant for phishing and misuse of exposed data.