Instructure Pays Off ShinyHunters to Suppress 3.65TB Canvas LMS Data Leak

Instructure, the Utah-based edtech company that operates the Canvas learning management system, confirmed it reached an “agreement” with ShinyHunters after the extortion group breached its network and threatened to leak 3.65TB of data stolen from thousands of schools and universities. The nature of the “agreement” strongly implies a ransom payment.

Canvas is one of the most widely deployed LMS platforms in higher education globally, so the scale of potentially exposed student and institutional data is significant. Institutions using Canvas should monitor for follow-on phishing campaigns leveraging any exposed student/staff records. ShinyHunters has a history of monetizing data through secondary sales even after “agreements” are reached, so the risk of downstream exposure remains.