Overview
- Instructure said the stolen data includes names, email addresses, student ID numbers and some private messages, with no evidence of exposed passwords, birth dates, government IDs or financial details.
- The ShinyHunters gang posted Instructure to its leak site on Sunday, May 3, and claimed data tied to about 275 million people across nearly 9,000 institutions.
- The hackers published a list naming roughly 8,800 schools and shared samples with journalists, though reporters and researchers have not verified the full scope.
- Instructure reported it contained the breach and revoked credentials, rotated keys, deployed patches, increased monitoring and required customers to reauthorize API access.
- The company is working with outside forensics and law enforcement as colleges and K–12 districts assess exposure and prepare for privacy impacts such as targeted phishing and potential doxxing.