Massive Canvas Cyberattack Paralyzes US Education as Final Exams Underway

Canvas Login Page Defaced, Platform Shut Down

A brazen cyberattack has crippled the Canvas learning platform, throwing thousands of U.S. schools and universities into chaos during final exam week. The hack, claimed by the cybercrime group ShinyHunters, defaced the service's login page with a ransom demand threatening to leak data on 275 million students and faculty across nearly 9,000 institutions.

Canvas parent company Instructure responded by taking the platform offline, replacing the login portal with a message citing scheduled maintenance. “We anticipate being up soon and will provide updates as soon as possible,” reads the current status page, as frantic students and teachers report being locked out of course materials and grades.

“This is a nightmare scenario for schools,” said Dr. Emma Torres, a cybersecurity analyst at EduSafe Institute. “Shutting down the platform mid-exams is disruptive, but the real fear is the potential leak of private messages and student data.”

Background: Earlier Breach and Escalating Threats

Instructure had already acknowledged a data breach earlier this week, with ShinyHunters claiming responsibility and demanding a ransom. The deadline was initially set for May 6 but later pushed to May 12. In a May 6 statement, the company said stolen information includes “certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users.”

Instructure had also stated, “At this stage, we believe the incident has been contained.” However, by mid-day on May 7, students and faculty saw the ransom demand replace the login page, prompting Instructure to pull Canvas offline entirely. The extortion message advised schools to negotiate their own payments to prevent data publication, regardless of Instructure’s response.

What This Means: Exams Disrupted, Data at Risk

The timing could not be worse: many institutions are administering final exams, and a prolonged outage may force last-minute changes to grading policies. If the stolen data—which ShinyHunters claims includes billions of private messages, names, phone numbers, and emails—is leaked, it could lead to identity theft and privacy violations for millions.

Instructure has not yet confirmed whether the defacement indicates a deeper intrusion. “While the data stolen may or may not contain particularly sensitive information, this attack has already eroded trust,” warned cybersecurity expert James Liu. Schools now face the challenge of determining whether to negotiate with hackers or wait for Instructure to restore services and assess the full scope of the breach.

The incident underscores the vulnerability of critical education infrastructure. As investigations continue, affected institutions advise students to monitor accounts and change passwords on other services. For now, the message on Canvas remains: “Check back soon.”