Canvas Hacked: 'ShinyHunters' Hackers Shut Down Wildly Popular Platform Used by 41% of U.S. Colleges
Canvas, the wildly popular education platform used by schools throughout the U.S., was hacked on May 7 by a group calling itself "ShinyHunters." The group demanded a ransom and threatened to release student data.
According to Inside Higher Ed, the hackers previously stole data from Ticketmaster and Google before "breaching Instructure," an education technology company that owns Canvas, an educational learning platform used by 41% of universities and colleges in the U.S. Instructors use Canvas to deliver coursework.
The ShinyHunters hackers claimed that the hack disabled Canvas for 9,000 schools throughout the world, some K12. More than 30 million people use Canvas throughout the world, according to CNN.
ShinyHunters Hackers Previously Were 'Linked' to Hacks at Major Universities
According to Inside Higher Ed, ShinyHunters previously was linked to "recent data breaches at the University of Pennsylvania and Princeton and Harvard Universities."
College newspapers around the U.S. reported that Canvas was shut down for students, including at:
- The University of Minnesota, where Canvas went down around 3:20 p.m. on May 7.
- The University of Oklahoma and Norman Public Schools "are part of a worldwide Canvas data breach by a hacker group," reported Ou Daily.
- Northern Kentucky University was affected by the hack.
- Schools throughout the State of North Carolina lost access to Canvavs.
- The hackers warned the University of Pennsylvania to "negotiate a settlement." Eventually, the message was replaced with one reading that Canvas was down for "scheduled maintenance," reported the Daily Pennsylvanian.
The University of Wisconsin-Milwaukee informed students, "Logging into Canvas has been temporarily disabled. Additional status updates will be provided by Friday, May 8, 11:00 am. Your instructor will address your specific course as necessary."
The university noted: "Users are currently unable to log in to the Canvas learning management system because of a nationwide security breach. If you are already in Canvas and it prompts you to perform any action - such as clicking a link, logging in, resetting your password, or completing any tasks - do not proceed. These prompts may not be legitimate while the system is down." Other universities in Wisconsin were also affected by the breach.
Added UW-Milwaukee: "Instructors have been asked to postpone assignments due on Thursday, May 7, while this issue is addressed."
ShinyHunters Set a Deadline of May 12 Before 'Everything Is Leaked'
The Duke Chroniclereported that some Canvas users were receiving the message, "ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches.'"
According to the The Duke Chronicle, a message also read, "You have till the end of the day by 12 May 2026 before everything is leaked." Most students at Duke do not use Canvas, though.
A company called PowerSchool previously told WRAL-TV that it paid a ransom after student records were breached. "On a call with customers in January, PowerSchool said it paid a ransom to the hacker and then watched a video of the hacker deleting the data," WRAL News reported. "The ransom and video were among the reasons the company felt satisfied that the situation was contained."
This story was originally published by Men's Journal on May 8, 2026, where it first appeared in the News section. Add Men's Journal as a Preferred Source by clicking here.
2026 The Arena Group Holdings, Inc. All rights reserved.
This story was originally published May 7, 2026 at 7:00 PM.