Canvas Hacked Update: Who Are the Hackers and How Long Will the LMS Be Down?

Students across the United States were left unable to access essential coursework, grades, and examination materials after a major cyberattack hit the Canvas learning management system (LMS) during finals week, with universities reporting widespread disruption and a ransom message replacing normal platform access.

The online learning platform Canvas, owned by Instructure, suffered a significant cybersecurity incident on Thursday, forcing parts of the system into maintenance mode while investigations were launched. Students at major institutions, including Harvard University, Princeton University, Columbia University, Georgetown University, and Rutgers University, reported being locked out of their accounts at a critical point in the academic calendar.

Instead of their usual dashboards, users were greeted with a ransom note attributed to a hacking group identifying itself as ShinyHunters.

'ShinyHunters has breached Instructure (again),' read the warning, as seen byCNN. 'Instead of contacting us to resolve it, they ignored us and did some "security patches."'

The message appeared across multiple affected institutions and demanded payment to prevent further alleged data exposure.

Canvas is one of the world's most widely used education platforms, supporting more than 30 million active users and over 8,000 institutions globally, according to its parent company, Instructure. The timing of the attack has intensified disruption, as many universities are currently conducting final examinations and coursework submissions.

The hacking group ShinyHunters has been linked to the incident, according to statements reported by affected institutions and student accounts. The group has also been associated with a separate cybersecurity incident earlier this month involving Instructure.

A ransom message reportedly posted on university Canvas pages claimed responsibility for the breach and warned of further data exposure if demands were not met. The group also referenced deadlines for contact regarding the alleged ransom negotiation.

While the full identity and location of ShinyHunters remains unconfirmed by authorities, the group has previously been associated with large-scale data breaches targeting global organisations.

Instructure has not confirmed negotiations with the attackers and has not publicly detailed the specific demands made in relation to the latest incident.

Source: International Business Times UK