ShinyHunters demands ransom after Canvas hack

Hackers give operator Instructure until 12 May to ‘negotiate a settlement’.

Cyber extortion group ShinyHunters has claimed responsibility for a second breach into edtech giant Instructure – this time, for hacking into the Canvas login portal.

The hackers replaced the Canvas login page with a message that claimed responsibility for an earlier Instructure breach and threatened to leak stolen data if ransom demands aren’t met.

“ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches’,” the message seen by news publications read.

“If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by May 12 2026 before everything is leaked,” it continued.

ShinyHunters demands ransom after Canvas hack

Other newsrooms on this story

Related reading

Canvas parent settles with hacker group that stole user data

Congress investigates Canvas breach as company pays ransom

Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline

The Canvas Hack Shows Ransomware Isn’t Going Anywhere

Canvas hack: Company pays criminals to delete students' stolen data

Hackers deface school login pages after claiming another Instructure hack |…