As reported by Bleeping Computer, Instructure, the company behind the Canvas learning management system, has reached an agreement with the ShinyHunters extortion group to prevent the leak of data stolen in a recent breach affecting over 30 million educators and students.ShinyHunters claimed responsibility for stealing more than 3.6 terabytes of data by exploiting security vulnerabilities in Instructure's Free-for-Teacher environment. The group also defaced Canvas login portals and left an extortion message. Instructure confirmed the breach involved cross-site scripting (XSS) vulnerabilities, allowing attackers to gain administrative access. While Instructure stated that no customers will be extorted and the stolen data was returned and confirmed destroyed, the FBI cautions that paying ransoms does not guarantee data security.This incident follows a previous breach in September 2025, also claimed by ShinyHunters, which affected Instructure's Salesforce instance. The company is holding a webinar on May 13 to discuss the incident and security measures. Instructure has temporarily shut down Free-For-Teacher accounts to address the security issues.Source: Bleeping Computer
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds