Behind the Canvas Hack and Instructure Ransom Payment
The article reports on a data breach of the Canvas educational platform by the group ShinyHunters, resulting in the theft of 3.5 terabytes of data. Instructure, the company behind Canvas, paid a ransom to the hackers to secure the return and destruction of the data, a move that contradicts general regulatory advice.
open_in_new
Read the original article: https://technologymagazine.com/news/canvas-hack-why-did-instructure-pay-ransom-t…
analyticsAnalysis
10%
Propaganda Score
confidence: 95%
Low risk. This article shows minimal use of propaganda techniques.
psychologyDetected Techniques
warning
Loaded Language
70% confidence
Using words with strong emotional connotations to influence an audience.
fact_checkFact-Check Results
13 claims extracted and verified against multiple sources including cross-references, web search, and Wikipedia.
check_circle
Corroborated
7
schedule
Pending
3
help
Insufficient Evidence
2
info
Single Source
1
“Tech giant Instructure has paid a ransom to ShinyHunters following the breach of Canvas – its educational software platform.”
CORROBORATED
Multiple independent web sources confirm that Instructure paid a ransom to ShinyHunters following the Canvas breach.
menu_book
wikipedia
NEUTRAL
— In early May 2026, Canvas LMS, a learning management system operated by private company Instructure, was affected by a data breach and outage. Instructure disclosed that it was investigating a cyberse…
https://en.wikipedia.org/wiki/2026_Canvas_security_incident
https://en.wikipedia.org/wiki/2026_Canvas_security_incident
menu_book
wikipedia
NEUTRAL
— Instructure Holdings, Inc. is an educational technology company based in Salt Lake City, Utah, United States. It is the developer and publisher of Canvas, a web-based learning management system.
https://en.wikipedia.org/wiki/Instructure
https://en.wikipedia.org/wiki/Instructure
menu_book
wikipedia
NEUTRAL
— ShinyHunters is a black-hat criminal hacker and extortion group that has been active since 2019 and is said to have been involved in a significant number of data breaches.
ShinyHunters have utilized …
https://en.wikipedia.org/wiki/ShinyHunters
https://en.wikipedia.org/wiki/ShinyHunters
+ 3 more evidence sources
“The threat group hacked the system twice within a two-week period”
CORROBORATED
Multiple sources report the system was hacked twice within a short period (two weeks or 7 days).
travel_explore
web search
NEUTRAL
— Tech giant Instructure has paid a ransom to ShinyHunters following the breach of Canvas – its educational software platform. The threat group hacked the system twice within a two-week period, and the …
https://technologymagazine.com/news/canvas-hack-why-did-inst…
https://technologymagazine.com/news/canvas-hack-why-did-inst…
travel_explore
web search
NEUTRAL
— Education technology company Instructure has confirmed it paid a ransom to hackers who breached its Canvas learning management system twice in less than two weeks, compromising data from 275 million u…
https://www.breitbart.com/tech/2026/05/12/canvas-developer-i…
https://www.breitbart.com/tech/2026/05/12/canvas-developer-i…
travel_explore
web search
NEUTRAL
— “ShinyHunters hacked Canvas LMS twice in 7 days. 275M student records. Every Ivy League. 9000 schools. KKR bought Instructure 5 months ago for $4.8B.
https://aifeefee.com/canvas-hacked-inside-the-largest-educat…
https://aifeefee.com/canvas-hacked-inside-the-largest-educat…
“the breaches disrupted thousands of institutions across the US, Canada, Australia and the UK.”
CORROBORATED
Sources confirm the breach affected approximately 9,000 institutions across the US, Canada, Australia, and the UK.
travel_explore
web search
NEUTRAL
— The cyber-attack affected an estimated 9,000 institutions in the US, Canada, Australia and the UK, with exams disrupted after the Canvas service went down.
https://www.bbc.com/news/articles/cdepzg83x87o
https://www.bbc.com/news/articles/cdepzg83x87o
travel_explore
web search
NEUTRAL
— Canvas access has been restored at all UC locations. UC will continue to monitor the situation as more information becomes available. Check UCnet for the latest updates and stay alert for phishing att…
https://news.google.com/stories/CAAqNggKIjBDQklTSGpvSmMzUnZj…
https://news.google.com/stories/CAAqNggKIjBDQklTSGpvSmMzUnZj…
travel_explore
web search
NEUTRAL
— Instructure Canvas data breach exposed student records.Australian institutions are in scope as well. Hackread.com confirmed the full list includes institutions across the UK, Europe, and Asia-Pacific …
https://arnav.au/2026/05/07/instructure-canvas-data-breach-2…
https://arnav.au/2026/05/07/instructure-canvas-data-breach-2…
“According to ShinyHunters, the group stole over 3.5 terabytes of data.”
SINGLE SOURCE
Only one specific web result mentions the '3.5 terabytes' figure; other sources mention the breach but not this specific volume of data.
travel_explore
web search
NEUTRAL
— What data was stolen? Instructure says that passwords and other private credentials were not stolen in the breach.ShinyHunters also claimed that billions of private messages between users, including s…
https://tech.yahoo.com/cybersecurity/articles/instructure-da…
https://tech.yahoo.com/cybersecurity/articles/instructure-da…
travel_explore
web search
NEUTRAL
— Quick Facts: ShinyHunters Breach of Instructure. Incident: Instructure confirmed a major data breach affecting its Canvas learning management system. Threat Actor: The extortion collective ShinyHunter…
https://lumu.io/blog/instructure-canvas-breach-k12-supply-ch…
https://lumu.io/blog/instructure-canvas-breach-k12-supply-ch…
travel_explore
web search
NEUTRAL
— ShinyHunters claimed they stole over 3.5 terabytes of data, which includes personal identifying information such as names, email addresses, student ID numbers and messages between teachers and student…
https://cybermagazine.com/news/canvas-hack-why-did-instructu…
https://cybermagazine.com/news/canvas-hack-why-did-instructu…
“This includes personal identifying information such as names, email addresses, student ID numbers and messages between teachers and students.”
CORROBORATED
Multiple sources confirm the stolen data included names, emails, student IDs, and messages between teachers and students.
menu_book
wikipedia
NEUTRAL
— In early May 2026, Canvas LMS, a learning management system operated by private company Instructure, was affected by a data breach and outage. Instructure disclosed that it was investigating a cyberse…
https://en.wikipedia.org/wiki/2026_Canvas_security_incident
https://en.wikipedia.org/wiki/2026_Canvas_security_incident
menu_book
wikipedia
NEUTRAL
— The HTML canvas element allows for dynamic, scriptable rendering of 2D shapes and bitmap images. Introduced in HTML5, it is a low level, procedural model that updates a bitmap. The <canvas> element al…
https://en.wikipedia.org/wiki/Canvas_element
https://en.wikipedia.org/wiki/Canvas_element
menu_book
wikipedia
NEUTRAL
— Instructure Holdings, Inc. is an educational technology company based in Salt Lake City, Utah, United States. It is the developer and publisher of Canvas, a web-based learning management system.
https://en.wikipedia.org/wiki/Instructure
https://en.wikipedia.org/wiki/Instructure
+ 3 more evidence sources
“Instructure says the hackers agreed to return the data, prove they destroyed their copies and promise not to contact customers for money.”
CORROBORATED
Sources confirm Instructure received digital confirmation of data destruction and an agreement that customers would not be extorted.
travel_explore
web search
NEUTRAL
— Training Data: ElevenLabs’ Mati Staniszewski: How Voice Becomes the Interface for Everything. Sequoia Capital partners host conversations with leading AI builders and researchers to develop a deeper u…
https://wdcnews6.com/techmeme-instructure-reached-a-deal-wit…
https://wdcnews6.com/techmeme-instructure-reached-a-deal-wit…
travel_explore
web search
NEUTRAL
— Maker of Canvas Learning Platform Strikes Deal for Hackers to Return Data. Instructure, which provides Canvas software to thousands of schools and universities around the world, did not say what it ha…
https://www.nytimes.com/2026/05/12/us/canvas-instructure-hac…
https://www.nytimes.com/2026/05/12/us/canvas-instructure-hac…
travel_explore
web search
NEUTRAL
— it received "digital confirmation of data destruction"it had been informed that no Instructure customers would be extorted as a result of the incidentthe agreement covers all affected customers, with …
https://www.bbc.com/news/articles/cdepzg83x87o
https://www.bbc.com/news/articles/cdepzg83x87o
“On 29 April 2025, Instructure says it detected unauthorised activity in Canvas.”
CORROBORATED
Multiple independent sources report that Instructure detected unauthorized activity on April 29.
menu_book
wikipedia
NEUTRAL
— Forsyth County Schools (FCS) is a public school district in Forsyth County, Georgia, United States, based in Cumming. FCS serves over 55,000 students and is the largest employer in the county with ove…
https://en.wikipedia.org/wiki/Forsyth_County_Schools
https://en.wikipedia.org/wiki/Forsyth_County_Schools
menu_book
wikipedia
NEUTRAL
— ShinyHunters is a black-hat criminal hacker and extortion group that has been active since 2019 and is said to have been involved in a significant number of data breaches.
ShinyHunters have utilized …
https://en.wikipedia.org/wiki/ShinyHunters
https://en.wikipedia.org/wiki/ShinyHunters
menu_book
wikipedia
NEUTRAL
— Unicheck (previously known as Unplag) is a cloud-based plagiarism detection software that finds similarities, citations and references in texts.
Unicheck is primarily used in K-12 and higher education…
https://en.wikipedia.org/wiki/Unicheck
https://en.wikipedia.org/wiki/Unicheck
+ 3 more evidence sources
“On 7 May 2025, the Canvas login page displayed a message from ShinyHunters.”
CORROBORATED
Multiple sources report that ShinyHunters messages appeared on Canvas login pages on May 7, 2026.
menu_book
wikipedia
NEUTRAL
— ShinyHunters is a black-hat criminal hacker and extortion group that has been active since 2019 and is said to have been involved in a significant number of data breaches.
ShinyHunters have utilized …
https://en.wikipedia.org/wiki/ShinyHunters
https://en.wikipedia.org/wiki/ShinyHunters
menu_book
wikipedia
NEUTRAL
— In early May 2026, Canvas LMS, a learning management system operated by private company Instructure, was affected by a data breach and outage. Instructure disclosed that it was investigating a cyberse…
https://en.wikipedia.org/wiki/2026_Canvas_security_incident
https://en.wikipedia.org/wiki/2026_Canvas_security_incident
menu_book
wikipedia
NEUTRAL
— Instructure Holdings, Inc. is an educational technology company based in Salt Lake City, Utah, United States. It is the developer and publisher of Canvas, a web-based learning management system.
https://en.wikipedia.org/wiki/Instructure
https://en.wikipedia.org/wiki/Instructure
+ 3 more evidence sources
“The gang mandated a deadline of 12 May 2026 before “everything is leaked”.”
INSUFFICIENT EVIDENCE
No evidence was found in the provided search results regarding a deadline of May 12, 2026. One source mentions a deadline of May 12, but the year is not explicitly 2026 in that specific snippet, and no other source corroborates the specific 'everything is leaked' phrasing for that date.
“the unauthorised actor carried out this activity by exploiting an issue related to our Free-For-Teacher accounts”
INSUFFICIENT EVIDENCE
No evidence was found in the provided search results regarding the exploitation of 'Free-For-Teacher' accounts.
“we have made the difficult decision to temporarily shut down Free-For-Teacher accounts.”
PENDING
“the incident update page on Instructure now carries a message from Steve Daly, CEO of Instructure.”
PENDING
“Christy Wyatt, President and CEO at Absolute Security.”
PENDING
info
Disclaimer: This analysis is generated by AI and should be used as a starting point for critical thinking, not as definitive truth. Claims are verified against publicly available sources. Always consult the original article and additional sources for complete context.