A major Canvas hack 2026 has shaken the U.S. education system after a cyberattack reportedly exposed data from more than 275 million users. The breach disrupted schools and universities across the country, leaving students and teachers temporarily locked out of study materials, grades, and exam resources while security teams worked to contain the damage.
Generally, students and teachers were busy with the preparation of their final exams when, suddenly, the platform ceased operating, thus leaving them without their study materials, notes, and grades.
Due to this Canvas hack, data of more than 275 million users have been stolen, and those responsible for the hack have demanded a ransom.
A hell-raising hacking group going by the name ‘ShinyHunters’ is reported to have compromised Instruct, the owner of Canvas, thereby causing the incident.
Canvas Hacked: What exactly happened?
On Thursday, May 7, 2026, students attempting to access the Canvas site of universities in the US were greeted with a jarring message.
According to the note left by the ‘ShinyHunters’ group, Instruct had been hit with another hack, and as a result, the data of millions of students, teachers, and employees had been grabbed. There was also a threat that if they did not “pay money, data will be exposed”.
The assault did not limit itself to one day.
On May 1, Instruct was first targeted, resulting in the theft of 3.65 terabytes of data. It mainly consists of people’s names, emails, student IDs, and a billion private messages and conversations.
After that, the company promptly installed ‘security patches’, but the hackers reckoned that the company was negligent and, therefore, continued their assault.
Canvas is a cloud-based learning management system with nearly 30 million active users and over 9,000 institutions worldwide. More specifically, it is used in the US by K-12 schools as well as the top universities like Harvard, Princeton, Columbia, Duke, and Pennsylvania The Canvas hack forced the platform to enter temporarily a ‘maintenance mode’ and was completely closed down for a few hours.
The story of the affected institutions and students
Canvas hacked breach led to the rise of thousands of schools and universities in the country that were unable to login to their respective accounts. The Harvard Crimson reported that students were unable to log in.
On the other hand, Princeton, Rutgers, Georgetown, the University of Michigan, Indiana University, Duke, and UPenn closed campuses for the rest of the day and informed students via emails and texts. School districts in states like California, Florida, Texas, Washington, New York, Pennsylvania, and Oregon were dumbfounded.
Spokane informed parents that sensitive data is safe for now, but they need to keep an eye out.
Several schools decided to extend the final exam deadlines, while a few others canceled the papers and adopted the offline method. The students’ reactions were emotional.
“I was in the middle of studying for finals when I got logged out. I was scared because I didn’t have study materials. That’s the biggest problem,” said Anish Garimidi, a junior at the University of Pennsylvania.
“I missed the quiz, I was worried about midterms. How do you study lectures and notes without Canvas?”
Some students reacted with laughter on social media – “I got a break before finals!” However, most of them were disappointed because grades, assignments, and video lectures were dependent on Canvas.
ShinyHunters: Who are these hackers?
The group ‘ShinyHunters’, which is behind the Canvas hacked incident, is a notorious group that has been active since 2019. These black-hat hackers steal data and ransom it, sell it on the dark web if not given or leak it. Ticketmaster, Google’s Mandiant has joined them.
In 2024, the U.S. Department of Justice took ShinyHunters member off the streets, who was responsible for data theft in 60+ companies, tech, entertainment, and fitness ones among other industries. They use voice phishing, fake login pages. This year 400 companies were hacked, such as Snowflake, Salesforce.
The group defaced the login pages of 330 organizations on Canvas, appeared for 30 minutes and then left. They set a deadline for May 12 – negotiate or data leak.
Following the Canvas hack, Instruction announced on Thursday night that the platform was up and running for “most users”. Security patches have been applied, monitoring has been increased, API keys have been rotated, and customers have been told to reauthorize.
The company reassured that passwords, DOBs, and financial data are safe and said that only names, emails, IDs, and messages have been exposed. The investigation is being carried out with the help of cyber experts and the FBI. Some organizations will receive individual notifications.
