logo
ShinyHunters Hacks Instructure, Exposing Data of 275 Million Users
Technology iconTechnology04 May 2026

ShinyHunters Hacks Instructure, Exposing Data of 275 Million Users

A major data breach led by ShinyHunters compromises data from 275 million users of Instructure's Canvas LMS, raising cybersecurity alarms.

Massive Data Breach at Instructure

A significant data breach has taken place at Instructure, the company known for its Canvas Learning Management System (LMS), with the notorious hacker group ShinyHunters claiming responsibility for stealing sensitive information from an astonishing 275 million users, including teachers and students.

Instructure reported a service disruption on April 30, 2023, and the following day, it confirmed a "cybersecurity incident perpetrated by a criminal threat actor." By May 2, the company had largely resolved the issues and announced that all security measures were being re-evaluated.

What Happened?

The breach involves the release of 3.65 terabytes of data by ShinyHunters, which they made available on their website on May 3. While Instructure maintains that passwords and private credentials were not compromised, other sensitive data was indeed exposed.

Compromised User Information

The leaked information reportedly includes:

  • Names of users
  • Email addresses
  • Student IDs
  • Private messages exchanged within the platform

Instructure serves nearly 9,000 educational institutions worldwide, meaning a large portion of the affected users are students and educators. ShinyHunters has also claimed that billions of messages exchanged between users may have been taken.

Instructure's Cybersecurity Response

Following the breach, Instructure took swift action to secure its systems. The company stated that it patched identified vulnerabilities, revoked certain credentials and access tokens, and updated API keys to ensure the integrity of its platform moving forward.

History of ShinyHunters

ShinyHunters has gained notoriety for conducting high-profile data breaches throughout the year, targeting organizations across various sectors. Other companies that have fallen victim to their actions include notable brands such as:

  • Panera Bread
  • ADT Security
  • Crunchyroll
  • Bumble

Most recently, they even breached Rockstar Games, the development studio behind the Grand Theft Auto series.

Conclusion

As the educational sector grows increasingly reliant on digital platforms, this breach raises serious concerns regarding the security of user data within educational technology. Instructure's proactive measures are a step towards securing sensitive information, but the lingering effects of this breach remind all users in the digital age to remain vigilant about their online security.

Popular news

Trump declares a three-day ceasefire in the Russia-Ukraine war, with both sides agreeing. A prisoner exchange is also set in motion.

Trump Announces Historic Three-Day Ceasefire in Ukraine-Russia Conflict
Business iconBusiness

Trump Announces Historic Three-Day Ceasefire in Ukraine-Russia Conflict

09 May 2026
Inflation Drumbeat Persists for Unnerved US Consumers
Business iconBusiness

Inflation Drumbeat Persists for Unnerved US Consumers

09 May 2026
Niger Halts Operations of Nine French Media Outlets Amidst Press Freedom Concerns
World iconWorld

Niger Halts Operations of Nine French Media Outlets Amidst Press Freedom Concerns

09 May 2026
Trump Announces Three-Day Ceasefire Between Russia and Ukraine
World iconWorld

Trump Announces Three-Day Ceasefire Between Russia and Ukraine

08 May 2026
Costa Rica Swears in Right-Wing President Laura Fernandez
World iconWorld

Costa Rica Swears in Right-Wing President Laura Fernandez

08 May 2026

Subscribe to
our news

Get the most important updates and top stories in your inbox.

mail