{"id":125221,"date":"2026-05-07T23:22:32","date_gmt":"2026-05-07T23:22:32","guid":{"rendered":"https:\/\/christiancorner.us\/index.php\/2026\/05\/07\/canvas-has-been-hacked-and-is-being-held-for-ransom\/"},"modified":"2026-05-07T23:23:48","modified_gmt":"2026-05-07T23:23:48","slug":"canvas-has-been-hacked-and-is-being-held-for-ransom","status":"publish","type":"post","link":"https:\/\/christiancorner.us\/index.php\/2026\/05\/07\/canvas-has-been-hacked-and-is-being-held-for-ransom\/","title":{"rendered":"Canvas has been hacked and is being held for ransom"},"content":{"rendered":"<p>\n<\/p>\n<div id=\"\">\n<hr class=\"custom-gradient-background my-6 h-(6px) max-w-(75px) border-0\"\/>\n<p>Canvas, a cloud-based learning management system used by more than 8,000 colleges and universities, including all of the top ten colleges in the US, is being held to ransom. A group called ShinyHunters has claimed responsibility for the hack and informed Canvas&#8217; parent company. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.instructure.com\/\" title=\"open in a new window\">instructor<\/a>By May 12 to reach an agreement, otherwise &#8220;everything is leaked.&#8221;<\/p>\n<h2 id=\"canvas-outages-have-been-reported-nationwide\">Canvas failures have been reported across the country<\/h2>\n<p>There is no information on how many schools are affected, but there are reports of students being unable to access Canvas <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.dukechronicle.com\/article\/duke-university-among-institutions-affected-by-canvas-cyberattack-shinyhunters-instructure-hack-data-leak-cybersecurity-20260507\" title=\"open in a new window\">universities<\/a> And <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.thedp.com\/article\/2026\/05\/penn-canvas-shinythunters-data-breach-hack-second\" title=\"open in a new window\">colleges<\/a> All <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.wftv.com\/news\/local\/major-cybersecurity-breach-hits-canvas-exposing-millions-students-teachers-data\/MKZBOUHIVJE5LJ4WXW7AYGBNJA\/\" title=\"open in a new window\">Above<\/a>  <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.oudaily.com\/news\/canvas-hack-data-breach-ou-criminal-extortion-security\/article_358fb651-5b28-4c87-8a61-e59f34c67015.html\" title=\"open in a new window\">Country<\/a>. In the last half hour, Canvas shutdown complaints have increased from almost none to more than 8,000 <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/downdetector.com\/status\/instructure\/\" title=\"open in a new window\">down detector<\/a>. <\/p>\n<div class=\"eloquent-imagery-image\">\n<div class=\"flex justify-center\"><\/div>\n<p>\n                            <span class=\"image-caption block text-sm leading-4 tracking-wide text-(#1F2937)\"\/><br \/>\n                                        <span class=\"mt-1 block font-sans text-xs tracking-normal text-gray-600\">Credit: Stephen Johnson<\/span>\n                    <\/p>\n<\/p><\/div>\n<p>A <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2026\/05\/millions-of-students-personal-data-stolen-in-major-education-cyberattack\" title=\"open in a new window\">similar violation of instructions <\/a>The breach occurred in late April or early May, and the company confirmed that names, email addresses, student ID numbers, and private messages exchanged between users were exposed by ShinyHunters, but said there was no evidence of compromised passwords, dates of birth, Social Security numbers, or financial information. <\/p>\n<p>Instruct updated its software on May 2, <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.k12dive.com\/news\/instructure-confirms-cybersecurity-incident\/819362\/\" title=\"open in a new window\">Saying it has deployed patches<\/a>Surveillance was increased, and other measures were taken to prevent damage, a fact referenced by ShinyHunters in a message left for Canvas users: <\/p>\n<div class=\"pogoClear relative my-10 border-b-(1.5px) border-t-(1.5px) border-dashed border-black py-5 sm:my-14 sm:border-0 sm:py-0\" data-ga-click=\"\" data-ga-template=\"News\" data-ga-module=\"openweb_widget\" data-ga-element=\"openweb_scroll\" data-ga-item=\"openweb_scroll_midpage\" x-data=\"{&#10;         commentsCount: null,&#10;         hasComments: false,&#10;         async fetchCommentsCount() {&#10;             try {&#10;                 if (window.openweb &amp;&amp; typeof window.openweb.getMessagesCount === 'function') {&#10;                     this.commentsCount = await window.openweb.getMessagesCount('01KR27ZWTEZY61BJSVQP96S1NX');&#10;                     this.hasComments = this.commentsCount !== null &amp;&amp; this.commentsCount &gt; 0;&#10;                 }&#10;             } catch (e) {&#10;                 console.warn('Failed to fetch comment count:', e);&#10;             }&#10;         }&#10;     }\" x-init=\"fetchCommentsCount()\" x-cloak=\"\">\n<div class=\"relative flex justify-center\">\n<div class=\"flex max-w-fit items-center gap-x-3 bg-white px-5\">\n<p>            <span class=\"text-sm font-medium text-black\"><\/p>\n<p>                What do you think so far?<br \/>\n                <button class=\"ml-1 font-semibold text-brand-green underline hover:text-brand-green-700\" type=\"button\" aria-label=\"Comment section trigger\" onclick=\"window.openweb.scrollToComments('01KR27ZWTEZY61BJSVQP96S1NX')\" x-text=\"hasComments ? 'Post a comment.' : 'Be the first to post a comment.'\"\/><br \/>\n            <\/span>\n        <\/div>\n<\/p><\/div>\n<\/div>\n<div class=\"eloquent-imagery-image\">\n<div class=\"flex justify-center\">\n                    <img loading=\"lazy\" decoding=\"async\" class=\"border border-gray-100\" src=\"https:\/\/lifehacker.com\/imagery\/articles\/01KR27ZWTEZY61BJSVQP96S1NX\/images-2.fill.size_2000x1125.v1778191954.png\" alt=\"Screenshot of ShinyHunters' ransom note displayed on hacked Canvas login page\" width=\"2000\" height=\"1125\" loading=\"lazy\" srcset=\"https:\/\/lifehacker.com\/imagery\/articles\/01KR27ZWTEZY61BJSVQP96S1NX\/images-2.fill.size_800x450.v1778191954.png 800w, https:\/\/lifehacker.com\/imagery\/articles\/01KR27ZWTEZY61BJSVQP96S1NX\/images-2.fill.size_1400x788.v1778191954.png 1400w, https:\/\/lifehacker.com\/imagery\/articles\/01KR27ZWTEZY61BJSVQP96S1NX\/images-2.fill.size_2000x1125.v1778191954.png 2000w\" sizes=\"auto, (max-width: 1408px) 100vw, 1408px\"\/>\n            <\/div>\n<p>\n                            <span class=\"image-caption block text-sm leading-4 tracking-wide text-(#1F2937)\"\/><br \/>\n                                        <span class=\"mt-1 block font-sans text-xs tracking-normal text-gray-600\">Credit: Stephen Johnson<\/span>\n                    <\/p>\n<\/p><\/div>\n<p>The hacker group claimed that its previous hack had added more than 3 terabytes of data, affecting 275 million students, teachers and others across nearly 9,000 educational institutions. Whether this latest breach will be that big remains to be seen. <\/p>\n<h2 id=\"what-to-do-if-youre-affected-by-the-canvas-outage\">What to do if you are affected by a Canvas outage<\/h2>\n<p>Although the threat is likely being addressed, here are some steps students and faculty can take to make their digital data more secure on Canvas. <\/p>\n<ul>\n<li>\n<p><strong>Change your password<\/strong>: If you can log in, change your Canvas password. If you use the same password for banking, email and other places, then change it also.<\/p>\n<\/li>\n<li>\n<p><strong>Enable Multi-Factor Authentication (MFA)<\/strong>:This adds an extra layer of security. <\/p>\n<\/li>\n<li>\n<p><strong>Beware of phishing emails<\/strong>: If the email address is compromised, hackers can send highly targeted emails to students. Be suspicious of any message asking you to install software or share account information.<\/p>\n<\/li>\n<li>\n<p><strong>Monitor your credit<\/strong>: It&#8217;s unknown if financial information was part of the hack, but checking your credit report won&#8217;t hurt.<\/p>\n<\/li>\n<\/ul><\/div>\n<p><script>\n            var facebookPixelLoaded = false;\n            window.addEventListener(\"load\", function() {\n                document.addEventListener(\"scroll\", facebookPixelScript);\n                document.addEventListener(\"mousemove\", facebookPixelScript);\n            });\n            function facebookPixelScript() {\n                if (!facebookPixelLoaded) {\n                    facebookPixelLoaded = true;\n                    document.removeEventListener(\"scroll\", facebookPixelScript);\n                    document.removeEventListener(\"mousemove\", facebookPixelScript);\n                    window.zdconsent.cmd.push(function() {\n                        ! function(f, b, e, v, n, t, s) {\n                            if (f.fbq) return;\n                            n = f.fbq = function() {\n                                n.callMethod ?\n                                    n.callMethod.apply(n, arguments) : n.queue.push(arguments);\n                            };\n                            if (!f._fbq) f._fbq = n;\n                            n.push = n;\n                            n.loaded = !0;\n                            n.version = \"2.0\";\n                            n.queue = ();\n                            t = b.createElement(e);\n                            t.async = !0;\n                            t.src = v;\n                            s = b.getElementsByTagName(e)(0);\n                            s.parentNode.insertBefore(t, s);\n                        }(window,\n                            document, \"script\", \"\/\/connect.facebook.net\/en_US\/fbevents.js\");\n                        fbq(\"init\", \"37418175030\");\n                        fbq(\"track\", \"PageView\");\n                    });\n                }\n            }\n        <\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Canvas, a cloud-based learning management system used by more than 8,000 colleges and universities, including all of the top ten colleges in the US, is being held to ransom. A group called ShinyHunters has claimed responsibility for the hack and informed Canvas&#8217; parent company. instructorBy May 12 to reach an agreement, otherwise &#8220;everything is leaked.&#8221;<\/p>\n","protected":false},"author":1,"featured_media":125223,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57],"tags":[26203,7010,1209,19745],"class_list":["post-125221","post","type-post","status-publish","format-standard","has-post-thumbnail","category-bible-verse","tag-canvas","tag-hacked","tag-held","tag-ransom"],"_links":{"self":[{"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/posts\/125221","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/comments?post=125221"}],"version-history":[{"count":1,"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/posts\/125221\/revisions"}],"predecessor-version":[{"id":125224,"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/posts\/125221\/revisions\/125224"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/media\/125223"}],"wp:attachment":[{"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/media?parent=125221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/categories?post=125221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/christiancorner.us\/index.php\/wp-json\/wp\/v2\/tags?post=125221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}