Cloud-based Learning Management System (LMS) Canvas, a popular software by Instructure widely used by colleges across the US, is down after an alleged hack. Many users of the platform reported on social media that the system was down, and a message from the Black Hat hackers' group 'ShinyHunters' appeared on the screen.
On Down Detector, nearly 10,000 people reported an outage with Canvas. Locally, colleges like Harvard University and Duke University reported massing widespread outages. According to reports, as many as 9,000 colleges using Canvas are experiencing the outage.
List Of Colleges Affected
The Information Technology office of Duke University was the first to confirm that they have been affected by the cyberattack. Shortly after Duke, the Harvard Crimson, the student newspaper of Harvard University, reported that Harvard has also been affected.
New University, the newspaper of University of California, Irvine, also confirmed that they have been affected by the cyberattack.
“UCI students received pop-up messages on Canvas at approximately 1:05 p.m. today on May 7,” the report read. “Following an initial message on all Canvas websites from the ShinyHunter hacker group, Anteaters are currently unable to access Canvas and the webpage is currently down for maintenance.”
The Daily Pennsylvanian reports that Penn State University also experienced the outage. However, as of now, the school has not released a statement on the issue.
{{/usCountry}}The Daily Pennsylvanian reports that Penn State University also experienced the outage. However, as of now, the school has not released a statement on the issue.
{{/usCountry}}The Daily Cardinal reports that University of Wisconsin-Madison also experienced the outage. The college did not release a statement.
Thousands of more colleges also reported the outage.
Ransom Demand In Focus
In the threat that ShinyHunters posted on the Canvas dashboard of colleges, they made a ransom demand with the threat that they have data of more than 250 million students and staff on the platform and will leak it if the ransom is paid.
The message read: “If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked.”
ShinyHunters said in the post that schools that do not want the data to be released should contact a cyber advisory firm. They also asked the group to contact Instructure, the parent company of Canvas, via the instant messaging app Tox.
A deadline of May 12 was provided, but the details of how much has been demanded in ransom have not identified.