Cyber Blog

Instructure, the company behind the popular online learning platform Canvas, has reportedly reached an agreement with a hacking group after a major cyberattack exposed sensitive data from thousands of schools and universities around the world.

The cybercriminal group, known as “ShinyHunters,” claimed responsibility for stealing approximately 3.65 terabytes of data connected to schools, teachers, staff, and students. The stolen information reportedly included names, email addresses, student ID numbers, and private messages exchanged through the Canvas platform. Experts estimate that the breach may have impacted hundreds of millions of users across nearly 9,000 educational institutions.

The attack caused widespread disruption because Canvas is heavily used by schools and universities to manage assignments, grades, communication, and online coursework. The outage occurred during a critical time of the academic year, with many students taking final exams and submitting projects when the system became unavailable.

According to reports, the hackers threatened to publicly release the stolen data unless Instructure agreed to their demands. The company later announced it had reached an “agreement” with the attackers. While Instructure did not directly confirm whether a ransom payment was made, the company stated that the stolen data had been returned and that it received digital confirmation claiming the files were destroyed.

Cybersecurity experts warn that even when hackers claim stolen data has been deleted, there is no absolute guarantee that copies were not kept or shared elsewhere. Specialists also caution that paying cybercriminals can encourage future attacks by showing that companies may be willing to negotiate.

Investigators believe the breach began through vulnerabilities connected to certain “Free-For-Teacher” accounts within the Canvas platform. After discovering the attack, Instructure reportedly revoked access credentials, increased security measures, worked with forensic investigators, and coordinated with law enforcement agencies to contain the situation.

Fortunately, the company stated that highly sensitive information such as passwords, financial details, Social Security numbers, and government identification documents were not believed to be affected. However, security professionals say the exposed data could still be used in phishing scams, identity theft attempts, or other targeted cyberattacks against students and educational staff.

The incident is being viewed as one of the largest cybersecurity breaches ever to affect the education sector. Experts say schools and universities are becoming increasingly attractive targets for hackers because they store large amounts of personal information while often operating with limited cybersecurity resources.

The attack also highlights the growing risks tied to digital learning platforms. As schools continue relying on online systems for education and communication, cybersecurity experts say organizations must strengthen defenses, regularly update systems, and improve security monitoring to better protect student and staff data from future attacks.