The education world was thrown into chaos on Thursday as Canvas by Instructure, a leading cloud-based Learning Management System (LMS), suffered a massive global outage.
The downtime, which affected over 8,000 users at its peak according to Downdetector, was reportedly accompanied by a chilling message from the notorious cyber-extortion group ShinyHunters. Students across the globe took to social media to report canceled finals and inaccessible study materials, with many sharing screenshots of a “breach warning” displayed directly on their learning dashboards.
The ShinyHunters Ultimatum
The message allegedly left by the hackers claims that ShinyHunters has breached Instructure for the second time. In the stark warning, the group accused the company of ignoring previous contact and attempting “security patches” instead of negotiating. The hackers issued a deadline of May 12, 2026, threatening to leak sensitive data from an “affected list of schools” unless a settlement is reached. “SHINY HUNTERS rooting your systems since 19,” the message read, directing schools to contact them via the encrypted TOX chat platform.
Instructure Responds to Cybersecurity Incident
While the specific details of Thursday’s outage are still being investigated, Instructure had previously disclosed a security incident on May 3, 2026. In an official statement, the company confirmed it had been targeted by a “criminal threat actor” and is currently working with outside forensics experts to minimize the impact.
The company emphasized that maintaining user trust is their highest priority and promised transparency as more information is confirmed. ShinyHunters, an extortion group known for high-profile hits on companies like Ticketmaster and AT&T, typically focuses on data theft and “pay-or-leak” threats rather than traditional ransomware.
Canvas Down: How to Fix (And What to Avoid)
Because the outage is a vendor-level cybersecurity issue, there is no direct fix available for students or teachers on the user end. However, cybersecurity experts and the platform itself have issued a critical warning: Do not engage with the hacker’s message.
- Do Not Click Links: Avoid clicking on any “download” or “affected schools list” links within the displayed hack message.
- Avoid Dark Web Links: Do not attempt to visit the Onion browser links mentioned in the threat.
- Wait for Official Updates: Monitor the official Canvas Status page and institutional IT emails for the “all-clear” before attempting to log back in.