Canvas LMS Reportedly Hit by Ransomware: SHINYHUNTERS Claims Attack During Exam Season

A widespread outage affecting Canvas, the learning management system operated by Instructure and used by thousands of educational institutions globally, appears to be the result of a ransomware attack. Users across multiple instances reported encountering a ransom message from the threat actor group SHINYHUNTERS, which claimed to have compromised the platform. Screenshots shared online showed the group's message displayed on affected school instances before Instructure replaced it with a standard downtime notification page.

The incident comes at a critical moment: exam season is underway at many institutions, amplifying potential disruption for students and faculty relying on the platform for assessments, submissions, and course materials. Downdetector logged a surge in outage reports for Instructure services. A list purporting to show affected schools circulated online, though verification has been complicated by traffic overload and content restrictions on hosting platforms. The full scope of compromised institutions remains unclear, and the authenticity of the claimed school list has not been independently confirmed.

SHINYHUNTERS is a known threat actor group with a track record of high-profile breaches. If confirmed, this incident would represent a significant security event for one of the world's most widely deployed educational technology platforms. Instructure has not yet issued a detailed public statement confirming the nature of the outage or addressing potential data exposure. The situation remains fluid, with institutions, administrators, and students awaiting clarity on service restoration timelines and any fallout for academic operations.