The educational technology sector is reeling following a sophisticated cyberattack against Instructure, the provider of the widely used Canvas learning management platform. The group behind the breach, known as ShinyHunters, has escalated their tactics from silent data exfiltration to the public defacement of Canvas login portals. Users across numerous academic institutions reported finding altered landing pages that display explicit ransom demands aimed at coercing the company into payment.

By injecting unauthorized HTML code into the login screens, the attackers have utilized the platform itself as a megaphone for their ultimatum. The perpetrators claim to possess a massive repository of sensitive information, including private email addresses, personal identifiers, and internal communications belonging to students and faculty. The hackers have set a strict deadline of May 12 for the ransom payment, threatening to release the stolen data publicly if their demands remain unmet. During this period of instability, the platform has faced intermittent outages, with official communications masking the incident under the guise of maintenance.

This incident marks a significant shift in strategy for the threat actors, who are now leveraging high-profile disruption to force negotiations. Preliminary reports suggest that the breach could be far-reaching, potentially impacting approximately 231 million records across nearly 9,000 educational institutions worldwide. While investigators work to identify the specific vulnerabilities exploited to gain entry to the login portals, the attackers insist that this intrusion is a distinct secondary breach of the company’s infrastructure.

As the deadline looms, the incident underscores the severe risks facing digital infrastructure in the education sector. Instructure has yet to issue a detailed public statement regarding the extent of the compromise or the current state of any ransom negotiations. The situation remains fluid as institutions and users wait for clarity regarding the security of their data and the future stability of the Canvas platform.