Instructure hacker claims data theft from 8,800 schools, universities
Instructure hacker claims data theft from 8,800 schools, universities
Publish Date: 2026-05-05 17:20:23
Source Domain: www.bleepingcomputer.com
Summary:
Instructure, widely known for its Canvas learning management system, recently experienced a significant data breach resulting in the theft of 280 million records tied to students and staff from 8,809 educational institutions. The ShinyHunters group claimed responsibility for the attack, disclosing details of the breach and data exposure through their data leak site. The stolen data, reportedly amassed using Canvas features like DAP queries, provisioning reports, and user APIs, includes users’ names, email addresses, and private messages. Although insitutions like the University of Colorado Boulder and Rutgers University acknowledged the breach, details on affected individuals remain uncertain due to lack of verification. Instructure has not commented on the incident, and it remains unclear which systems exactly were compromised.
Key Points:
- A data breach at Instructure, involving the alleged theft of 280 million records from 8,809 educational institutions, was confirmed.
- The ShinyHunters group took responsibility for the attack and claimed extensive data harvesting using various Canvas features.
- Details include exposure of users’ personal data such as names, emails, and private messages.
- Specific institutions’ verification of the breach impacts is pending.
- Instructure has yet to make any official statement in response to the attack.
