A major outage impacting Canvas, one of the world’s most widely used learning management systems, disrupted universities and school districts across the United States and worldwide.
The disruption came after threat actors linked to the ShinyHunters extortion group breached the parent company, Instructure, and defaced hundreds of institutional login portals.
The incident left millions of students and educators unable to access coursework, assignments, grades, lecture recordings, messaging systems, and exam materials during one of the busiest academic periods of the year.
The disruption escalated yesterday when users attempting to log into Canvas were shown a ransom-style message claiming responsibility for a second breach of Instructure. The message warned that stolen data would be leaked on May 12 unless negotiations were opened with the attackers.
lakerdave | Reddit
The attackers exploited a vulnerability that allowed them to modify Canvas login portals. The defacements remained visible for about 30 minutes before Instructure took affected systems offline.
Canvas is operated by Utah-based education technology company Instructure and serves more than 30 million users across over 8,000 educational institutions worldwide. The platform is widely used for assignments, grading, quizzes, file sharing, and communication between faculty and students.
Universities, including Rutgers, Georgetown, Columbia, Harvard, Princeton, MIT, the University of Pennsylvania, and the University of Washington, all acknowledged disruptions tied to the incident. Multiple K-12 districts across several states also reported outages.
The timing amplified the impact, with many schools in the middle of final exams and project submissions. Students reported losing access to study guides, lecture recordings, coursework, and professor announcements during critical exam preparation periods.
The outage also disrupted communication between schools and students, as many instructors rely on Canvas announcements and messaging systems rather than email. Some universities shifted temporarily to alternative communication methods and delayed assignments or exams.
James Madison University revised its exam schedule due to the outage, postponing some tests until the following week.
The latest incident follows an earlier cybersecurity breach disclosed by Instructure on May 1. Instructure said attackers accessed names, email addresses, student ID numbers, and messages exchanged between users. The company stated there was no evidence that passwords, government identifiers, dates of birth, or financial information were exposed.
Instructure said it revoked privileged credentials, rotated access keys, deployed security patches, and increased monitoring after detecting the earlier intrusion. On May 6, the company said the incident had been contained and that Canvas was “fully operational.”
However, the renewed disruption and portal defacements the following day suggest that attackers may have retained access or exploited additional vulnerabilities.
By Thursday evening, Instructure said Canvas services had been restored “for most users,” though some maintenance operations remained ongoing. The company has not publicly confirmed whether the outage was directly caused by the same attackers behind the earlier breach.
Leave a Reply