Canvas Restored After Shinyhunters Attack on 9,000 Schools

When students logged in to review grades and submit assignments Thursday evening, many found the Canvas learning management system offline. Canvas is a cloud‑based platform that hosts course materials, grades, assignments and communications for thousands of K‑12 schools and colleges. The outage coincided with the end of the semester, heightening frustration among students and faculty. University of Minnesota officials said they were notified by Instructure of a worldwide cybersecurity incident affecting its clients, while University of Wisconsin administrators warned users not to follow any unsolicited Canvas‑related prompts.

Instructure confirmed the incident Thursday night and took the service offline. By Friday morning the platform was back online, though administrators continued to verify stability. The hacking group Shinyhunters posted a message claiming responsibility and told affected schools to consult a cyber advisory firm and contact them privately to negotiate a settlement. Shinyhunters asserted that nearly 9,000 schools globally were impacted, with billions of private messages and other records accessed. The University of Minnesota and the University of Wisconsin both acknowledged they were part of the outage. Instructure subsequently removed the dedicated leak site that Shinyhunters had used to publish stolen data on the dark web, and the company had not published a public statement about the attack on its blog.

The disruption forced schools to scramble for alternative ways to collect assignments and communicate grades during a critical academic period. While service is restored, the alleged access to billions of messages raises the risk of follow‑on social engineering attacks, such as phishing emails that appear to come from Canvas or school administrators. Security experts note that stolen contact information can be stockpiled and used months later in credential‑harvesting campaigns.