Cyberattack Forces Canvas Offline During Finals Week
A coordinated cyberattack struck Instructure's Canvas learning platform on Thursday, causing widespread disruption as students across the United States were taking final exams. The company confirmed it took the platform offline after detecting unauthorized activity in its network.
By Friday morning, Instructure said the service was restored. 'We acted quickly to isolate the threat and bring Canvas back online to minimize impact on students and educators,' a company spokesperson stated. The attacker used the same access point exploited in a data breach disclosed just last week.
Data Accessed Includes Personal Student Information
According to Instructure, the compromised data includes user names, email addresses, student ID numbers, and messages exchanged on the platform. The company emphasized there is no evidence that passwords, dates of birth, government identifiers, or financial information were accessed.
Security experts warn that even limited data can fuel phishing campaigns. 'Student emails and IDs are valuable on the dark web,' said Dr. Maria Chen, a cybersecurity researcher at CyberRisk Institute. 'Affected individuals should be vigilant about suspicious messages.'
Ransomware Group Claims Responsibility
The notorious ransomware group ShinyHunters has claimed responsibility on its dark web site, stating it exfiltrated data from 275 million users across 8,800 schools. Instructure has not officially confirmed the scale, but said it is investigating the claim.
'ShinyHunters has a track record of targeting educational platforms,' noted Elias Torres, a threat intelligence analyst. 'Their motive appears to be extortion, but they also seek notoriety.'
Background
The attack occurred just one week after Instructure disclosed a separate data breach. The company had been working to fortify its defenses when the same threat actor exploited a previously undetected vulnerability.
Canvas is the most widely used learning management system in the U.S., serving over 30 million students and educators. The platform is critical for administering exams, submitting assignments, and communicating grades.
What This Means
While Canvas is back online, the incident underscores the vulnerability of educational infrastructure to cyberattacks. Schools may need to reschedule exams or adopt alternative grading methods for affected students.
Long-term, institutions will likely accelerate adoption of multi-factor authentication and security training. Students should monitor their accounts for unusual activity and avoid clicking on links in unsolicited emails claiming to be from Canvas.
What you can do: Change your Canvas password immediately, enable two-factor authentication if available, and report any suspicious messages to your school's IT department. Stay tuned for official updates from Instructure.