Canvas Is Under Attack Just as Schools Across the Country Start Winding Down

Finals season is intense enough as it is, but following the news that Canvas, a widely used online platform for learning, was being hacked at high schools and colleges across the country, many understandably wanted to better understand the attacks. Many schools store sensitive information about students in Canvas, which only makes the attack more dangerous.

Now, reporting suggests that a hacking group called ShinyHunters is behind the attack, but many want to know why they executed it in the first place. Here's what we know.

According to reporting in the Harvard newspaper The Crimson, users who attempted to access Canvas were instead redirected to a message from the hackers. “ShinyHunters has breached Instructure (again),” the message reportedly said. “Instead of contacting us to resolve it they ignored us and did some ‘security patches.’”

Instructure, the company behind Canvas, told Time that following the breach, they took Canvas offline temporarily to contain its potential impact.

“We have confirmed that the unauthorized actor exploited an issue related to our Free-For-Teacher accounts,” the statement explained. “As a result, we have made the difficult decision to temporarily shut down our Free-For-Teacher accounts. This gives us the confidence to restore access to Canvas, which is now fully back online and available for use.”

The message also reportedly included a list of schools that they claim were targeted in the breach, as well as an encouragement for schools that had been affected to reach out to settle the issue. “You have till the end of the day by 12 May 2026 before everything is leaked," the statement said. On May 7, Instructure said that Canvas was available for "most users." We don't know exactly which schools were affected by the breach, but the list includes some high-profile places.

Among the schools that we know were hit are Harvard, the University of Illinois, Penn State, Columbia, and James Madison University.

ShinyHunters, meanwhile, appears to be in it only for money. According to Luke Connolly, a threat intelligence analyst at the cybersecurity firm Emsisoft, who spoke with The Associated Press about the group, they are a loosely affiliated group of teenagers and young adults in the U.S. and U.K.

The group has also previously targeted platforms like Ticketmaster and Salesforce. This latest attack, though, doesn't appear to have been done out of any specific malice towards universities. Instead, it was done because they found an opportunity to access sensitive information that they could hold for ransom.

We don't know how widespread the damage from this attack might be, or whether schools will ultimately be forced to negotiate settlements.

Since their founding around 2020, though, ShinyHunters have developed quite a reputation for their ability to access sensitive systems and steal important information. Canvas is just the latest target, and it's been hit at a time when the platform is especially essential for schools that use it to deliver grades and make final determinations about students.