Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Espionage

June 25, 2026

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

June 24, 2026

Researchers Trick AI Browsers Into Leaking Credentials

June 24, 2026
Facebook X (Twitter) Instagram
Thursday, June 25
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
News

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

Team-CWDBy Team-CWDMay 19, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


American educational technology company Instructure, the parent company of Canvas, said it reached an “agreement” with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities.

In an update shared on Monday, the Utah-based firm said it “reached an agreement with the unauthorized actor involved in this incident,” citing “concerns about the potential publication of data.”

In taking the controversial decision to pay a ransom to avoid a leak, the company said the agreement covers all its impacted customers and that the pilfered data was returned to it, along with digital confirmation of data destruction. It also said it has been informed that none of the company’s customers will be separately extorted as a result of the hack.

“While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,” Instructure said.

It also said it’s working with expert vendors to support its forensic analysis, improve its cybersecurity posture, and conduct a comprehensive review of the data involved.

The disclosure comes as the ShinyHunters extortion crew waged a digital attack against Canvas, a popular web-based learning management system, late last month, resulting in the theft of 3.65TB of data. The incident impacted nearly 9,000 organizations.

Although the breach was assumed to be initially contained, a second wave of unauthorized activity tied to the same incident was detected on May 7, 2026, defacing the Canvas login portals with extortion messages at roughly 330 institutions and giving Instructure a deadline of May 12, 2026, to negotiate a ransom or risk a data leak.

The attackers are said to have weaponized an unspecified vulnerability “regarding support tickets” in its Free-for-Teacher environment to obtain initial access and siphon about 275 million records containing usernames, email addresses, course names, enrollment information, and messages. Instructure has emphasized that course content, submissions, and credentials were not compromised.

In the wake of the breach, Instructure has temporarily shut down Free-For-Teacher accounts. The company did not disclose the nature of the vulnerability, but said it revoked privileged credentials and access tokens for affected systems, rotated internal keys, restricted token creation pathways, and deployed additional security controls.

“The exfiltrated data provides threat actors enough personal context to conduct targeted phishing campaigns against staff, students, and parents alike,” Halcyon said.

“Leaked records can be used to impersonate school administrators, IT support, or financial aid offices in follow-on attacks. Students, parents, and personnel at affected institutions should be considered, and institutions should issue phishing advisories and direct communications immediately.”



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleMicrosoft Takes Down Group Operating Ransomware-Enabling Signing Tool
Next Article Agentic AI Accelerates Software Builds and Mobile App Attacks
Team-CWD
  • Website

Related Posts

News

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

June 24, 2026
News

Researchers Trick AI Browsers Into Leaking Credentials

June 24, 2026
News

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

June 24, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

What it takes to fool facial recognition

March 14, 2026

What’s at stake if your employees post too much online

December 1, 2025

A quick guide to recovering a hacked account

March 21, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.