Educational site Canvas has been disabled as part of a nationwide security breach. The University of Wisconsin-Milwaukee warned students not to interact with the platform until the matter is resolved.

At around 3 p.m. on May 7, students found they could no longer log in to Canvas. ShinyHunters, a prolific criminal hacker and extortion group, claimed to be behind the data breach.

When some users tried to access Canvas, they instead saw a message from the hackers that set an end-of-day deadline of May 12 for any schools “to negotiate a settlement” and stop the group from releasing data. Instructure was given the same deadline.

ShinyHunters' ransomware note. It reads:
"SHINYHUNTERS
rooting your systems since '19 ;)

ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some "security patches".

WARNING

If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked.

Instructure still has until EOD 12 May 2026 to contact us.

DOWNLOAD AFFECTED_SCHOOLS.TXT
91.215.85.103/pay_or_leak/instructure_affected_schools_list.txt

visit us: shnyhntww34phqoa6dcgnvps2yu7dlwzmy5lkvejwjdo6z7bmgshzayd.onion"

ShinyHunters’ ransomware note. Credit: Anonymous / ShinyHunters

ShinyHunters also seemed to prompt some people to log into a fake Canvas page in order to steal passwords and usernames.

If you are already in Canvas and it prompts you to perform any action — such as clicking a link, logging in, resetting your password or completing any tasks — do not proceed. These prompts may not be legitimate while the system is down.

UWM via email

This breach affects Instructure’s cloud system; however, Microsoft 365 logins are not affected. UWM is reassuring students that it does not collect dates of birth, government identifiers or financial information in Canvas.

Those who go to Canvas now see a page that blames the outage on “scheduled maintenance” or a page stating “this site can’t be reached.”

UWM asked instructors to postpone deadlines for assignments due on Thursday, May 7. With finals looming, however, students are concerned.

“We do have an exam tonight, and now we can’t pull up the study guide material that they gave us,” UWM student Finley Kunz said of how the breach impacted him.

ShinyHunters’ hack of Instructure began last week. Their original ransom note, with a May 6 deadline, warned “FINAL WARNING PAY OR LEAK”. Instructure announced on May 2 that it had contained the attack and was investigating the source. In their May 7 ransom note, ShinyHunters points to this, saying that “instead of contacting us to resolve it they ignored us and did some ‘security patches’.”

Canvas, by Utah-based educational technology company Instructure, is the world’s largest Learning Management System (LMS). Half of U.S. universities use Canvas, as well as thousands more worldwide. The hackers claim they accessed the data of nearly 9,000 schools and 275 million individuals.

“The Universities of Wisconsin are a part of a nationwide Canvas outage. It is not isolated to one university and affects a cloud-based system operated by Instructure,” said Mark Pitsch, spokesperson for the Universities of Wisconsin.

This is a developing story. UWM says it will continue to actively monitor the situation and the UWM Post will update readers when possible.
