ShinyHunters Throws Education System Into Chaos

         Around the early afternoon of Thursday May 7, one of the largest Learning Management Systems, Canvas, was hacked by black-hat criminal hacker and extortion group ShinyHunters. Said to have formed in 2019-2020, they’ve taken part in and directly caused major data breaches, data theft, and the exchange of information on the dark web. ShinyHunters is known for demanding randoms under the threat of colossal data leaks for financial gain.

         What does this mean for the approximate 9,000 institutions affected in the United States, Canada and Australia? Only time will tell as this precarious situation rests in the hands of Instructure (Canvas).

         Below is the message ShinyHunters left on the platform before it was taken down. It’s been replaced with a note saying the site is under maintenance.

         In addition to this message, it mentions another one released a few days ago. The previous random letter has been tracked through Ransomware.live. It was discovered to be sent on May 3, when ShinyHunters claimed they were in possession of data from about 9,000 schools of roughly 275 million individuals. It read, “This is a final warning to reach out by 6 May 2026 before we leak along with several annoying (digital) problems that’ll come your way.” Evidently, they followed through.

         Hundreds of millions are at risk of their data being leaked unless Canvas takes action before the rapidly approaching deadline of May 12. Again, only time will tell the fate of the scenario at hand.