ShinyHunters Launches New Cyber Extortion Campaign Against Instructure
Cyber Extortion Targeting Educational Institutions
The hacking collective known as ShinyHunters has emerged once again, initiating a cyber extortion scheme aimed at Instructure, the developer of the popular Canvas learning management system utilized by educational institutions globally. A menacing notice appeared on the Canvas login page of the University of Pennsylvania, urging schools to engage in private negotiations with the hackers by May 12, 2026, or face the public exposure of stolen data. The message criticized Instructure for neglecting prior outreach attempts and relying solely on 'security patches' following the breach.
Students headed to Penn's Canvas page are being greeted with the following message following the ShinyHunters hack of Instructure. https://t.co/jx9xTrqgIl pic.twitter.com/oilx2neBEU
— Ethan Young (@EthanMYoung_) May 7, 2026
ShinyHunters asserted that it had breached Instructure 'again,' claiming that the attack affected nearly 9,000 educational institutions, including all eight Ivy League universities. The group alleged to have acquired approximately 275 million records, encompassing billions of user messages and extensive personal data related to students, faculty, and institutions. The warning specifically mentioned a report from the Daily Pennsylvanian, which indicated that over 300,000 lines of user data from the University of Pennsylvania had already been compromised.
In their message, the hackers advised the impacted schools to 'consult with a cyber advisory firm' and reach out to them privately via the encrypted messaging service TOX to negotiate settlements before the deadline. This incident has sparked renewed concerns within the education sector, where Canvas plays a crucial role in managing assignments, coursework, communication, and student records. For many students and educators, the platform is integral to their daily academic activities, making the threat particularly distressing.
ShinyHunters has a history of involvement in several notable cyberattacks. Last fall, the group reportedly infiltrated Penn’s Graduate School of Education, and the latest claims indicate that the hackers are intensifying pressure on Instructure and its associated institutions. The complete extent of the breach and the validity of all claims made by the hackers have yet to be independently confirmed.