ShinyHunters has breached Instructure, the company behind Canvas LMS. They are claiming access to data from 275 million users across nearly 9,000 educational institutions worldwide. The exposed data includes names, emails, student IDs, and billions of private messages sent between students, counselors, and academic advisers. The deadline to pay or leak is May 12, 2026.
This is Instructure's second breach by the same group in eight months. They were hit in September 2025, applied patches, and ShinyHunters got back in anyway. Same actor. Same infrastructure. Different day.
If your school runs Canvas, treat yourself as affected until you hear otherwise. Do not wait for your institution to tell you. Check your email. Monitor your accounts. Watch for phishing attempts using your real information because the attackers have it now.
⚠️ If anyone sends you a file claiming to be leaked Canvas data, scan it before you open it. VirusTotal is free. Malware riding a breach wave is one of the oldest tricks in the book and it works every time people get curious.
Stay sharp out there. Share this with someone who needs it.