Thousands of users reported issues accessing Canvas by Instructure on Thursday amid claims the education platform had been targeted in a cyberattack linked to the hacking group ShinyHunters. According to Downdetector, more than 8,000 users reported outages at one stage as Canvas, Canvas Beta and Canvas Test environments became unavailable.

Students flooded social media with reactions, with many sharing screenshots of an alleged message from ShinyHunters displayed during the outage.
One user wrote, “Final exam just got canceled cuz canvas got hacked.” Another posted, “I WAS STUDYING FOR A FINAL IN 40 MINS AND CANVAS GOES DOWN.”
Canvas later acknowledged the issue, stating: “Canvas, Canvas Beta and Canvas Test are currently unavailable. We are currently investigating this issue.”
What is ShinyHunters?
ShinyHunters is a financially motivated cyber extortion group that has been active since 2020 and is known for targeting major companies and software providers.
Rather than using traditional ransomware, the group is known for stealing large volumes of sensitive data and issuing “pay-or-leak” threats to pressure victims into negotiations.
Also Read: Canvas down after ShinyHunters hack: Harvard, Duke among schools affected; check list
The hackers have previously been linked to breaches involving AT&T, Ticketmaster, Tokopedia, Salesforce and McGraw Hill.
Massive Instructure breach claims
{{/usCountry}}The hackers have previously been linked to breaches involving AT&T, Ticketmaster, Tokopedia, Salesforce and McGraw Hill.
Massive Instructure breach claims
{{/usCountry}}Earlier this month, Instructure confirmed it had experienced a cybersecurity incident involving what it described as a “criminal threat actor.”
“Instructure recently experienced a cybersecurity incident perpetrated by a criminal threat actor,” the company said in a May 3 statement, adding that outside forensic experts had been called in to investigate.
According to reports, ShinyHunters later claimed responsibility for the breach and alleged it had accessed personal information tied to nearly 275 million users connected to Canvas across almost 9,000 schools worldwide.
The group claimed the stolen data included names, email addresses, student ID numbers and billions of private messages exchanged through the platform.
Hackers also allegedly posted a warning message threatening to leak data publicly if negotiations were not initiated before May 12.
Also Read: Google faces hacker ultimatum to fire two employees or risk data leak
Why experts are concerned
Cybersecurity experts say the attack points to a growing trend where hackers target third-party education vendors instead of individual schools, allowing them to potentially compromise thousands of institutions at once.
Officials in Utah, where many K-12 schools use Canvas, warned that while the immediate risk of identity fraud appears low, the exposed information could later be used in phishing scams and social engineering attacks.
Experts also warned users not to click on suspicious download links or Onion browser addresses allegedly included in the hackers’ message, as there is currently no user-side fix for the outage.