The notorious hacking collective ShinyHunters has sent shockwaves through the global education sector by claiming responsibility for a massive breach of Instructure’s Canvas LMS.
The group alleges to have exfiltrated 3.65 TB of data, compromising approximately 275 million records from over 8,800 universities and schools. Researchers have already verified samples of the data, which includes full Personally Identifiable Information (PII), academic transcripts, hashed passwords, and private internal messages. ShinyHunters has set a hard ransom deadline of May 12, 2026, threatening to leak the full archive publicly if a payment is not made in Monero.
Major institutions, including the University of Minnesota and the University of Maryland, are currently assessing the impact. Educational institutions are being urged to initiate immediate password resets and audit all Third-Party Integrations that have OAuth access to the Canvas API.