fullscreen

eFinder

eFinder

HomeCybersecurity Vulnerability › Article

Was Canvas hacked? What we know as issues reported at schools across U.S.

Nbcwashington · 🇺🇸 public United States · · 618 words · By Izzy Stroobandt
Cybersecurity Vulnerability Educational Technology Dependence
headphones Listen to the eFinder podcast briefing
Generate a natural audio summary of this story
Daily briefing

What to know about Cybersecurity Vulnerability

A system that thousands of schools and universities use was offline Thursday during a cyberattack, creating chaos as students tried to study for finals and underscoring education’s dependence on technology.

Claims checked 13
Techniques found 1
Topics 2

Coverage spectrum

Coverage gap: Low Left coverage
Left0%
Center86%
Right14%

7 sources compared across this story cluster. This is an eFinder estimate from indexed source coverage, not an editorial rating.

What happened

A system that thousands of schools and universities use was offline Thursday during a cyberattack, creating chaos as students tried to study for finals and underscoring education’s dependence on technology.

Why it matters

Around 2:50 p.m., reports of issues with Canvas, a learning management system used by roughly 40% of higher education institutions in North America, began popping up on Down Detector.

Common ground

By 3:35 p.m., over 8,500 reports had been made by users.

Perspective signals

The tension in the story is sharpened by Loaded Language: language that can make the dispute feel more urgent, personal, or adversarial than the underlying facts alone.

open_in_new Read the original article: https://www.nbcwashington.com/news/national-international/was-canvas-hacked-what…

psychologyPropaganda Techniques Detected

eFinder identified 1 propaganda technique in this article. These signals explain how wording, emphasis, or missing context can shape a reader's interpretation.

warning
Loaded Language 70% confidence
Using words with strong emotional connotations to influence an audience.
Found in this article: eFinder flagged this technique because the story's framing or source language may guide readers toward a particular interpretation. Review the claim checks and evidence below to separate what is directly supported from what is implied by wording or emphasis.
Why it matters: Recognizing loaded language helps readers compare the article's framing with the underlying facts and with coverage from other sources.

fact_checkClaims Checked

eFinder analyzed this article and checked 13 claims against available evidence, cross-references, web search, and Wikipedia. Here is what the fact-checking layer found.

check_circle Corroborated 5
info Single Source 3
schedule Pending 3
help Insufficient Evidence 2
info
Claim 1: “Canvas, a learning management system used by roughly 40% of higher education institutions in North America”
SINGLE SOURCE
While sources confirm Canvas is a world-leading LMS used by educational institutions, the specific statistic of 'roughly 40% of higher education institutions in North America' is not explicitly corroborated by the provided evidence.
travel_explore
web search NEUTRAL — The following is a list of universities and other higher educational institutions in Russia, based primarily on the National Information Centre on Academic Recognition and Mobility webpage of the Mini…
https://en.wikipedia.org/wiki/List_of_institutions_of_higher…
travel_explore
web search NEUTRAL — Discover Canvas by Instructure, the world-leading, user-friendly LMS designed to simplify teaching and enhance student learning.
https://www.instructure.com/canvas
travel_explore
web search NEUTRAL — Canvas offers a number of services to educational institutions not limited to online learning. Students using Canvas can also take part in online assessments and access workbooks.
https://www.newsweek.com/canvas-down-not-working-learning-pl…
schedule
Claim 2: “officials in Spokane, Washington, writing that they aren't “aware of any sensitive data contained in this breach.””
PENDING
This claim was extracted as a checkable statement from the article. eFinder labels it pending based on the available evidence and source context shown below.
schedule
Claim 3: “The student newspaper at Harvard reported that the system was down there, too”
PENDING
This claim was extracted as a checkable statement from the article. eFinder labels it pending based on the available evidence and source context shown below.
help
Claim 4: “the University of Iowa's director of information technology wrote in announcing that the school's online system was down”
INSUFFICIENT EVIDENCE
No evidence was provided for this claim in the search results.
info
Claim 5: “the group began threatening Sunday to leak the trove of data, giving deadlines of Thursday and May 12”
SINGLE SOURCE
The provided evidence confirms ShinyHunters' involvement and the timing of the outage, but does not specifically mention the Sunday threat or the specific deadlines of Thursday and May 12.
travel_explore
web search NEUTRAL — ShinyHunters ShinyHunters is a black-hat criminal hacker and extortion group that is believed to have formed in 2019, and is said to have been involved in a significant amount of data breaches.
https://en.wikipedia.org/wiki/ShinyHunters
travel_explore
web search NEUTRAL — 1 day ago · This story is developing and will continue to be updated. Students were unable to access Canvas on Thursday afternoon after cybercrime group ShinyHunters shut down Penn’s access to the int…
https://www.thedp.com/article/2026/05/penn-canvas-shinythunt…
travel_explore
web search NEUTRAL — 4 hours ago · Hackers linked to massive Canvas breach affecting schools ShinyHunters claims responsibility for a cyberattack on Instructure, affecting nearly 275 million users of the Canvas platform.
https://www.hindustantimes.com/world-news/us-news/what-is-sh…
schedule
Claim 6: “Sean Reynolds, Vice President for Information Technology and Chief Information Officer for Northwestern University, said the school's IT office was aware of the issue and monitoring it.”
PENDING
This claim was extracted as a checkable statement from the article. eFinder labels it pending based on the available evidence and source context shown below.
info
Claim 7: “Around 2:50 p.m., reports of issues with Canvas... began popping up on Down Detector. By 3:35 p.m., over 8,500 reports had been made by users.”
SINGLE SOURCE
The provided evidence for this claim consists of general definitions of Down Detector and the word 'down', but does not provide the specific report numbers or timestamps for the Canvas incident.
travel_explore
web search NEUTRAL — Check if services are down based on real-time user reports. Downdetector shows live status updates and outages people are experiencing.
https://downdetector.com/
travel_explore
web search NEUTRAL — The meaning of DOWN is toward or in a lower physical position. How to use down in a sentence.
https://www.merriam-webster.com/dictionary/down
travel_explore
web search NEUTRAL — down adverb (DESTROY) If you burn, cut, or knock something or someone down, you cause it, him, or her to fall to the ground, usually damaged, destroyed, or injured:
https://dictionary.cambridge.org/dictionary/english/down
check_circle
Claim 8: “By 5 p.m., Instructure, which owns Canvas, said the software was "fully operational" and no "ongoing unauthorized activity" could be seen by the company at that point.”
CORROBORATED
Multiple sources, including the Instructure status page and university updates, confirm that Instructure stated Canvas was fully operational and no ongoing unauthorized activity was seen.
travel_explore
web search NEUTRAL — Resolved - UPDATE - Canvas is fully operational, and we are not seeing any ongoing unauthorized activity. As a precaution, we recommend customers follow security best practices, including enforcing MF…
https://status.instructure.com/
travel_explore
web search NEUTRAL — Update - Thurs., May 7, 8:15 a.m.: Instructure has published the following on the Instructure state page: Canvas is fully operational, and we are not seeing any ongoing unauthorized activity. As a pre…
https://www.umass.edu/it/instructure-incident
travel_explore
web search NEUTRAL — By May 6, the company reported that Canvas was fully operational and no longer saw unauthorized activity. Still, the next day, Rutgers University reported that they were aware of an unauthorized ...
https://www.wbay.com/2026/05/07/wisconsin-universities-publi…
help
Claim 9: “Virginia Tech acknowledged in a notice to students that the administration was aware of the effect on final exams”
INSUFFICIENT EVIDENCE
No evidence was provided for this claim in the search results.
check_circle
Claim 10: “The hacking group named ShinyHunters claimed responsibility for the breach at Instructure”
CORROBORATED
Multiple sources explicitly state that the hacking group ShinyHunters claimed responsibility for the breach at Instructure.
travel_explore
web search NEUTRAL — ShinyHunters is a black-hat criminal hacker and extortion group that is believed to have formed in 2019, and is said to have been involved in a significant amount of data breaches.
https://en.wikipedia.org/wiki/ShinyHunters
travel_explore
web search NEUTRAL — ShinyHunters Claims Responsibility for Breach of EdTech Company Instructure.Instructure confirms data breach, ShinyHunters claims attack. 2 days ago. By Lawrence Abrams.
https://news.google.com/stories/CAAqNggKIjBDQklTSGpvSmMzUnZj…
travel_explore
web search NEUTRAL — ShinyHunters had previously claimed responsibility for the original hack, publicizing it on its leak site — a website hackers use to publish stolen data and pressure victims into paying ransoms — in a…
https://techcrunch.com/2026/05/07/hackers-deface-school-logi…
check_circle
Claim 11: “Past attacks have hit Minneapolis Public Schools and the Los Angeles Unified School District.”
CORROBORATED
Independent sources confirm that both Minneapolis Public Schools and the Los Angeles Unified School District were targets of past cyberattacks/ransomware.
travel_explore
web search NEUTRAL — The prior year, 1,043 schools across 58 districts were affected by these attacks, according to Emsisoft. One of the most prominent district ransomware attacks in 2022 came against Los Angeles Unified …
https://www.k12dive.com/news/ransomware-gang-cyberattack-min…
travel_explore
web search NEUTRAL — The Minneapolis school district hasn't acknowledged being a ransomware victim, while Callow and other cybersecurity experts have been harshly critical of how it has disclosed the attack to the ...
https://www.minnpost.com/other-nonprofit-media/2023/03/hacke…
travel_explore
web search NEUTRAL — Schools are easy targets for hackers Gravatt has two children who have already graduated from Minneapolis schools, and one who is currently in middle school.
https://www.npr.org/2024/03/12/1237497833/students-schools-c…
check_circle
Claim 12: “A system that thousands of schools and universities use was offline Thursday during a cyberattack”
CORROBORATED
Multiple independent web search results confirm that Canvas (a system used by thousands of schools) suffered an outage on a Thursday due to a cyberattack.
travel_explore
web search NEUTRAL — Canvas, Oklahoma State University's learning management system, suffered an outage Thursday afternoon during finals week, interrupting exams and grading across all OSU A&M campuses as parent company I…
https://www.ocolly.com/news/canvas-outage-tied-to-cyberattac…
travel_explore
web search NEUTRAL — Canvas by Instructure is a cloud-based Learning Management System (LMS) which is designed for educational institutions, schools, and businesses to manage online, hybrid, or in-person learning.
https://www.hindustantimes.com/world-news/us-news/canvas-dow…
travel_explore
web search NEUTRAL — Massive Canvas outage disrupts classes at Harvard, Stanford and thousands of schools The Canvas learning platform blocked in a cyberattack affecting thousands of US schools. It has been claimed by ...
https://gulfnews.com/world/americas/hackers-block-access-to-…
check_circle
Claim 13: “The hacking group posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records accessed”
CORROBORATED
Multiple sources report that ShinyHunters claimed nearly 9,000 schools were affected and billions of private messages/records were accessed.
travel_explore
web search NEUTRAL — The confirmation follows claims from ShinyHunters that data tied to 275 million users and nearly 9,000 schools was stolen, a scale that Instructure has not publicly verified.
https://www.techrepublic.com/article/news-canvas-instructure…
travel_explore
web search NEUTRAL — ShinyHunters breached Instructure’s Canvas learning management system, claiming 3.65 terabytes of data from 275 million users across 9,000 institutions worldwide, including private messages between st…
https://thenextweb.com/news/the-largest-education-data-breac…
travel_explore
web search NEUTRAL — In this case, ShinyHunters claimed to have accessed data from nearly 9,000 schools and 275 million individuals, including billions of private messages (TechCrunch, May 5, 2026).
https://www.rescana.com/post/instructure-canvas-data-breach-…
info Disclaimer: This analysis is generated by AI and should be used as a starting point for critical thinking, not as definitive truth. Claims are verified against publicly available sources. Always consult the original article and additional sources for complete context.