Overview
- Following Thursday's outage, Instructure restored Canvas for most users on Friday after taking the platform offline when hackers altered login pages.
- Instructure said attackers exploited an issue tied to its Free‑For‑Teacher accounts and it has temporarily shut those accounts while outside forensic teams and law enforcement investigate.
- A group calling itself ShinyHunters claimed responsibility and posted ransom notes targeting both Instructure and listed schools with a May 12 leak threat, though the group’s sweeping scale claims have not been verified.
- Based on Instructure’s briefings, data likely exposed includes names, email addresses, student ID numbers and Canvas messages, and the company says it has no evidence at this time of stolen passwords, Social Security numbers, birth dates or financial data.
- The shutdown upended final exams across K‑12 and higher education as universities canceled or rescheduled tests, some schools kept Canvas access limited, and institutions urged users to change passwords, turn on multi‑factor authentication and watch for phishing, with new lawsuits underscoring growing concerns about vendor concentration risk.