Canvas cyberattack: Who, what, when, how?
What and when?
Over May 6 and 7, 2026, Canvas learning management system (LMS) users were served up a defaced web page in place of the expected login page. The altered web page displayed a warning by the ShinyHunters criminal hacker and extortion group advising of the Instructure compromise. Instructure, a leading educational technology company based in Salt Lake City, Utah, was founded in 2008 and its Canvas LMS was launched in 2011. The ShinyHunters warning gave Instructure a deadline of May 12, 2026, by which to contact them and negotiate a ransom deal in order to prevent the disclosure of Canvas data.
As early as May 1, 2026, ShinyHunters claimed...