Canvas maker Instructure reveals data breach confirms user personal information leaked
Date:
Tue, 05 May 2026 16:20:00 +0000
Description:
ShinyHunters claims Instructure attack, says nearly 9,000 schools worldwide affected.
FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Instructure confirms
cyberattack exposing names, emails, IDs, and user communications ShinyHunters claims responsibility, alleging data theft from millions across thousands of schools The incident highlights risks in thirdparty integrations, with
experts urging stronger access governance Instructure, the edtech giant
behind the popular Canvas learning system , has confirmed suffering a cyberattack and losing sensitive customer data.
The company issued a brief statement, confirming the hit, While our investigation continues alongside our outside forensics experts, at this
stage we believe the incident has been contained, the notice reads. Instructure said the crooks accessed certain identifying information of users at affected institutions, including names, email addresses, student ID numbers, and user communications. Article continues below You may like 11 million students possibly at risk after classroom software used by millions hacked McGraw Hill becomes latest to see its Salesforce data hacked Vercel confirms data breach ShinyHunters strike again Passwords , dates of birth, government identifiers, or financial information, were not involved.
Still, having names, emails, and communications, is more than enough information to mount highly convincing phishing attacks and identity theft, which could lead to more destructive scams.
Instructure also said it revoked privileged credentials and access tokens associated with affected systems, deployed patches, rotated keys, and implemented increased monitoring across all platforms.
The company did not say how many people were affected by the breach, or who the threat actors were. However, BleepingComputer found the infamous ShinyHunters claimed responsibility by listing the company on its dark web site. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
"Nearly 9,000 schools worldwide affected. 275 million individuals data
ranging from students, teachers, and other staff containing PII," the crooks wrote.
"Several billions of private messages among students and teachers and
students and other students involved, containing personal conversations and other PII. Your Salesforce instance was also breached and a lot more other data is involved."
Apparently, the threat actors managed to access Instructure through a vulnerability in their systems, which the company has subsequently patched. They seem to have stolen files from 15,000 institutions in different places around the world, including Europe, North America, and Asia-Pacific. The best antivirus for all budgets Our top picks, based on real-world testing and comparisons
Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/canvas-maker-instructure-reveals-data-b reach-confirms-user-personal-information-leaked
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)