A massive cyberattack targeting Instructure, the parent company of the widely used Canvas learning management system, disrupted access for thousands of schools and universities across the United States during finals week.

Hackers linked to the cybercrime group ShinyHunters reportedly defaced Canvas login pages at several institutions, posting ransom messages threatening to leak stolen student and school data by May 12 unless schools negotiated a settlement.

TechCrunch reported that the hackers injected malicious HTML files into school login portals, replacing normal Canvas pages with warning messages. Instructure’s website and Canvas platform also experienced outages, at times displaying “too many requests” errors or “scheduled maintenance” notices.

The breach follows an earlier disclosure by Instructure that hackers had stolen names, email addresses, student ID numbers, and messages exchanged between teachers and students. The company said there was no evidence that passwords, financial information, dates of birth, or government identifiers had been compromised.

ShinyHunters claimed it had breached nearly 9,000 schools worldwide and obtained data tied to hundreds of millions of users. The group warned institutions to contact them through the encrypted platform TOX before May 12 to prevent the release of the data.

Universities across the country reported outages and disruptions as students prepared for final exams and assignment deadlines.

Indiana University said instructors were unable to enter grades or access assignments during finals week. University IT services confirmed Canvas was experiencing a “global outage.” A message sent within the Luddy School warned students that accounts and credentials “may be compromised.”

Princeton University’s Canvas platform went dark less than 24 hours before final assessments were scheduled to begin. University officials advised instructors to download copies of gradebooks as a precaution.

Harvard University, Duke University, Brown University, the University of California Irvine, University of Wisconsin-Madison, Penn State, Georgetown University, San Diego State University, and the University of Pennsylvania also reported disruptions or acknowledged the breach.

Some universities warned students to remain alert for phishing scams and suspicious emails using leaked information such as names, email addresses, messages, and student ID numbers.

Source: India Latest News, Breaking News Today, Top News Headlines | Times Now