Overview
- Canvas, which went offline Thursday after attackers altered some login pages, is back for most users as Instructure continues its probe and cleanup.
- Instructure says both the April 29 and May 7 intrusions exploited weaknesses in Free‑For‑Teacher demo accounts, which are now suspended during mitigation.
- The company confirms exposure of names, email addresses, student ID numbers and some private messages, and says it has no evidence passwords, birth dates, government IDs or financial data were taken.
- A group calling itself ShinyHunters claimed responsibility, posted ransom notes inside school portals, and set a May 12 deadline for Instructure and individual institutions, while sweeping claims about the volume and reach of stolen data remain unverified.
- Finals and deadlines were postponed or canceled at colleges and K‑12 districts nationwide, the FBI is encouraging victims to file reports at ic3.gov, and experts warn the leaked identifiers could fuel targeted phishing even as early lawsuits name Instructure and owner KKR.