ShinyHunters Breach: 275M Identities Held Ransom by Canvas Hack

🚨 The Canvas breach is a wake-up call for EdTech — and enterprise IT. The hacker group ShinyHunters breached Instructure, the parent company of Canvas, disrupting learning for students at thousands of institutions nationwide — right in the middle of finals season. Nearly 275 million records were reportedly stolen. Schools from K-12 to major universities reported disruptions, and students logging into Canvas were greeted with ransom demands instead of their coursework. Hackers exploited Free-For-Teacher accounts — a feature vector that likely flew under the radar of most security teams. This isn’t just an education problem. It’s a reminder that vendor risk is your risk. One compromised SaaS platform can cascade across thousands of institutions overnight. #Cybersecurity #VendorRisk #EdTech #DataBreach #RiskManagement https://lnkd.in/gRBk2N3A

Security Managent here just blows my mind. Sadly it usually takes a breach on one's attack surface for the entity attacked invests money to prevent such external vulnerabilities. As noted in story ..... " "The group said it had breached Instructure “again” after the company failed to contact it to resolve its security issue. Instead, the group claimed that Instructure “ignored us and did some ‘security patches.’” Sounds like port scanners , so old school. Look until people start going on 'Active Offensive' for discovery, the bad guys will have an edge. Here even with a knock across the face, they ignored what was available to help. Canvas Online Learning Platform Shut Down for Hours After Cyberattack https://lnkd.in/d_qXx--i

The alleged ShinyHunters breach targeting Canvas reportedly impacted nearly 9,000 schools and exposed data tied to up to 275 million users globally. Finals week. AP exams. Peak operational dependency. This is the new reality: identity and SaaS platforms have become critical infrastructure. When they fail, operational disruption follows at scale. Cybersecurity is no longer just about protecting systems, it’s about maintaining continuity. https://lnkd.in/eTRRnRx7

Canvas Online Learning Platform Shut Down for Hours After Cyberattack Canvas, a platform used by over 8,000 universities and K-12 schools for course websites, assignments and communication, shut down for several hours on Thursday. A hacking group claimed responsibility for a data breach affecting the company that owns the platform, jeopardizing the personal data of millions of students and teachers. ShinyHunters, the hacking group that claimed responsibility for the Instructure data breach, said it had accessed data from more than 275 million people across nearly 9,000 schools, according to a ransom letter shared on May 3 by Ransomware.live, which monitors ransomware groups. An email shared with students at Barnard College in New York said the outage had appeared to be “the result of a previous cyberattack on Instructure.” Instructure disclosed on May 1 that it had experienced a “cybersecurity incident perpetrated by a criminal threat actor.” Steve Proud, Instructure’s chief information security officer, said the company had enlisted forensics experts to minimize the impact of the breach. Most users regained access to the platform hours after a hacking group said it had attacked Canvas’s parent company and breached 275 million people’s data. #cyber #breach #security #schoolsystem #Canvas https://lnkd.in/eraF9bUH

REALTIME Canvas breech by ShinyHunters — the same criminal extortion group behind breaches at Ticketmaster, Google, and multiple universities claiming responsibility - At Abnormal AI we are not only concerned for the breach itself, but especially downstream for the next days/weeks/months/years as this Instructure breech has exposed names, email addresses, student IDs, inter-user messages across thousands of institutions (estimating ~9,000 institutions and 41% of higher ed for scale)— we are expecting a significant uptick in phishing campaigns leveraging this data. Likely vectors they will be attacking: - Lures impersonating Instructure / Canvas support, breach notification, or "reset your password" workflows. - Lures impersonating University IT or instructors using the leaked name/email/student ID combinations to add legitimacy. - Longer-tail credential harvesting and BEC pivots once the data is fully leaked. - Targeting of faculty/admin accounts using student-context pretexts pulled from leaked message content. Abnormal AI can help!!!! https://lnkd.in/gPSFDwHH #CityGovernment #LocalGovernment #EmailSecurity #Cybersecurity #CountyGovernment #LocalGovernment #EmailSecurity #SecurityOperations #StateGovernment #SLED #EmailSecurity #Cybersecurity #K12Education #EmailSecurity #Microsoft365 #Cybersecurity #HigherEducation #EmailSecurity #GoogleWorkspace #SecurityOperations #Microsoft365 #EmailSecurity #Cybersecurity #Education #CommunityCollege #AbnormalSecurity #abnormalAI

A ransomware group just breached a cybersecurity vendor. Let that sink in. RansomHouse claimed access to a portion of Trellix's source code repository on April 17. Trellix confirmed the intrusion and says there's no evidence the software distribution pipeline was affected, but the investigation is ongoing and the full scope hasn't been confirmed. That was last week. This week, ShinyHunters breached Instructure, the company behind Canvas, claiming access to data from nearly 9,000 schools worldwide — hitting during finals season, with billions of private messages and records reportedly accessed. Wikipedia Two major breaches. Two weeks. Two different industries. The threat actors aren't slowing down. A cybersecurity vendor and an edtech platform used by millions of students both got hit in the same month. No sector is off limits. This is the time of the year that threat actors get busy. Why? You are going on summer vacations, and they know that! If your security posture still assumes the perimeter holds, these are the weeks that should change that conversation. #cybersecurity #datasecurity #threatintelligence #CISO #databreach Worth a proactive conversation before they ask you about it. https://lnkd.in/gUax_eWJ https://lnkd.in/gEeUzh9h #cybersecurity #datasecurity #DLP #threatintelligence #CISO

Cyber threats are no longer something that only affect large corporations. The recent Canvas-related cyber incident impacting over 9,000 schools and hundreds of millions of student records is another reminder that no organization is immune. Educational institutions, healthcare providers, manufacturers, small businesses — everyone is a target. The question is no longer if an attack will happen. It’s whether your business is prepared when it does. Too many organizations still rely on reactive security measures, outdated infrastructure, or fragmented solutions that leave gaps attackers can exploit. Cybersecurity requires a layered, multifaceted approach that combines connectivity, visibility, protection, and rapid response. At Vyve Broadband, we help businesses strengthen their defenses with a robust portfolio of solutions including: • Managed Firewall & Network Security • Cisco Meraki Cloud-Managed Security • Secure Fiber Connectivity • UC & Collaboration Solutions • Managed Wi-Fi & Network Monitoring • End Point Protection • Business Continuity & Reliability Solutions Don’t let your company become the next headline. Investing in cybersecurity is no longer optional — it’s foundational to protecting your customers, employees, and reputation. #CyberSecurity #ManagedServices #FiberInternet #CiscoMeraki #BusinessSecurity #TechnologySolutions #MSP #CyberAwareness #VyveBroadband

Instructure, the company behind Canvas, is dealing with a major cyber incident impacting 8000+ k-12 schools and universities nationwide. When platforms become deeply embedded into everyday workflows, the responsibility around identity, authentication, and data isolation grows significantly, especially when students are involved. For payments and fintech, the broader lesson is resilience and dependency planning as more infrastructure centralizes onto shared platforms. For payments and fintech, the lesson is not just cybersecurity. It is resilience, authentication, vendor concentration, and isolation of critical systems. How are you thinking about dependency risk as more infrastructure consolidates onto shared platforms? #Cybersecurity #Payments #Fintech #RiskManagement

Was your school impacted by the recent Canva security incident? The attack breached 275 million people’s data. Cyber threats targeting education continue to grow, and many schools are realizing just how important layered security and proactive monitoring have become. Check out the recent New York Times article below for more on the attack and what it means for schools and IT teams. https://lnkd.in/gEJDtY7d

We’re all worried about AI taking over, but hackers are going back to the "Old School" basics to trick you. While the headlines are full of scary AI stories, a very "human" threat just resurfaced. I’ve been following a deep dive by Low Level and HiFay (from EXPMON team) about a sophisticated new attack hidden inside a PDF. It’s proof that while we’re looking at the future, hackers are busy perfecting the past… You receive a PDF that looks like a normal invoice or contract. But once you open it, two things happen silently: 1. A hidden script "peeks" at your computer settings to see exactly how your security is set up. 2. It uses a forgotten, old-school feature called an "RSS feed" to whisper your information back to the hacker. 3. If the hacker likes what they see, they send back a "digital key" that lets them take control of your machine. You won't see a single pop-up or warning. It just looks like a regular document! How to stay safe without being an IT expert: -> Updates! When Adobe Acrobat or Windows asks to update, don't hit "Remind me later." Those updates are the literal "patches" for these holes. -> Verify before you click. If you weren't expecting a PDF, don't open it. Call or text the sender to confirm they actually sent it. -> View in-browser. Try opening PDFs in Chrome or Edge instead of downloading them. Browsers have "safety bubbles" that make this specific trick much harder to pull off. Sometimes the biggest threats aren't the new robots, they're the old tricks we stopped looking out for. What 'old school' digital trick or scam do you still see people falling for today? Write in the comments. #TechTrends #Adobe #DigitalSecurity #WorkLife #BeSafe Lawrensics Investigations