Universities brace for the possibility of dark web leaks after hacking group ShinyHunters claimed responsibility for Canvas data breach.
As educational institutions worldwide scramble to identify the extent of the damage caused by the Canvas hack, students are equally concerned that the breach might have compromised their personal information and private messages.
The ShinyHunters hacking group threatened to leak sensitive data of up to 200 million users across 9,000 educational institutions worldwide unless a ransom is paid.
Ed-tech company Instructure reported the cybersecurity incident happened on 1 May, describing it as an unauthorised access by a criminal threat actor previously involved in breaches at Ticketmaster, Google, and Ivy League universities.
ShinyHunters also allegedly infiltrated K-12 LMS Infinite Campus in March, as well as publishing company McGraw Hill in April.
Shortly after Instructure confirmed the breach, ShinyHunters posted a 'pay or leak' ultimatum with a deadline set on 6 May, according to Inside Higher Ed. The group claimed to have exfiltrated 3.65 terabytes of data including names, email addresses, student ID numbers, and user messages from Canvas LMS.
'This breach follows a clear pattern we've been watching for the last 18 months,' cybersecurity solutions expert Doug Thompson told the outlet. 'Instead of targeting individual campuses, attackers are moving up the data supply chain to the platforms that sit underneath thousands of institutions at once.'
'It's the math of a bank robber who just figured out where the armoured truck stops,' he added. 'Why hold up a hundred branches when the truck visits all of them? The real risk now is downstream. With access to real names, email addresses and even teacher-student messages, the next wave of phishing will not be generic. It will reference real courses and real conversations, which makes it far more likely to succeed.'
Hackers like ShinyHunters may leak data to the dark web using Tor, a browser designed to maximise its users' online privacy. This allows access to leak sites and forums with anonymity. They often package stolen credentials, emails, financial details, or databases into 'combo lists' or 'fullz' files, posting samples to prove authenticity before full dumps.
Leak sites operated by groups like ransomware gangs serve as extortion hubs, where data appears if ransoms are ignored or go unpaid. Interested parties purchase bundle packages using cryptocurrency, and the data is then resold via Telegram channels or paste sites, evading detection via encryption and .onion domains.
Source: International Business Times UK