Canvas
Coverage of Canvas in the Nexus archive.
- Canvas Hackers Target Dozens More Colleges
Hackers are targeting dozens of colleges through Canvas, an educational platform. The article highlights the ongoing security threat affecting multiple institutions.
- Canvas Crashes—Paper Not So Much
The article discusses the crash of Canvas in spring 2026 and notes that Paper was less affected. Elizabeth Redden surveyed students about their experiences with Canvas following the incident.
- Oxford Uni student data pwned yet again - this time via career platform breach
Oxford University's CareerConnect platform, managed by Group GTI, suffered a data breach exposing users' full names and email addresses, with encrypted passwords leaked for non-SSO users. The breach, attributed to a fixed security vulnerability, is separate from a recent Canvas platform attack affecting 275 million users. Group GTI and Instructure have not disclosed full details of the incidents.
- The Canvas breach proved that prevention is no longer enough
The Canvas breach resulted in 3.65 terabytes of data stolen from approximately 275 million users, highlighting the need for improved security measures. The attack was carried out by ShinyHunters, who compromised 'Free-For-Teacher' accounts and escalated rapidly. This incident exposes the gap in enterprise security frameworks, which still treat SaaS platforms primarily as availability problems.
- Grafana Labs admits all its codebase are belong to someone who popped its GitHub account
Grafana Labs' GitHub repository was accessed by an attacker who stole its codebase and is threatening to release it unless a ransom is paid. The company has decided not to pay the ransom, citing the lack of guarantee that the data will be returned and the potential to incentivize further illegal activity. Grafana Labs has determined that no customer data or personal information was accessed during the incident.
- Canvas hack: is it ever a good idea to pay a ransom, and what happens to the data?
The US tech firm Instructure, operator of the education platform Canvas, has reached an agreement with hackers behind a ransomware attack that stole hundreds of millions of students' data. The company's language suggests a ransom may have been paid, despite advice against doing so. The attack caused outages and disrupted school services.
- Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording
Cybercriminal twins were caught after forgetting to turn off a Microsoft Teams recording, and other cybercrime stories unfolded including an alleged dark net market kingpin's arrest and OpenAI workers falling victim to a supply chain attack. The Instructure’s Canvas ransomware incident also came to a close. These events highlight the ongoing issues in cybersecurity.
- Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data
Instructure reached an agreement with data theft and extortion crew ShinyHunters after a breach of Canvas user data, but experts doubt that stolen data was deleted. The incident affects nearly 9,000 universities and K-12 schools, and around 275 million students, teachers, and staff. Experts expect further phishing attacks using leaked information.
- Congress Puts Heat on Instructure After Canvas Outage
The House Committee on Homeland Security sent a letter regarding the Canvas cyberattack, which occurred on the same day that Canvas reached an agreement with the ShinyHunters cybercriminal group. The incident has put pressure on infrastructure. The edtech company is dealing with the aftermath of the attack.
- Deal reached with hackers to delete data stolen from the Canvas platform
A deal has been reached with hackers to delete data stolen from the Canvas educational platform. The breach occurred on the Canvas platform, which is used by educational institutions. The details of the deal and the amount of data deleted are not specified.
- US lawmakers demand answers from Instructure after Canvas data breaches
US lawmakers are demanding answers from Instructure after the company experienced two data breaches, resulting in the theft of large amounts of student data from its Canvas software. The breaches compromised sensitive information of students using the platform. Lawmakers want to know how the hacks occurred.
- Hackers agree to delete stolen data from Canvas
Hackers have agreed to delete stolen data from Canvas, a learning management system. The agreement comes after a security incident involving the theft of user data. Details about the hack and the negotiations with the hackers are not publicly disclosed.
- US govt seeks Instructure testimony on massive Canvas cyberattack
The US House Committee on Homeland Security is seeking testimony from Instructure executives regarding two cyberattacks on the Canvas platform by the ShinyHunters extortion group, which resulted in stolen student data and school disruptions. The attacks occurred during final exams and targeted the company's platform. The committee's call for testimony indicates a growing concern over cybersecurity threats in educational institutions.
- Canvas platform strikes deal with hackers to delete students’ stolen data
Canvas platform struck a deal with hackers to delete stolen student data after a cyberattack caused chaos for students and faculty during finals. The hack delayed some final exams and affected many students. Instructure, the parent company of Canvas, reached an agreement with the unauthorized actor involved.
- Canvas platform strikes deal with hackers to delete students’ stolen data
Canvas platform struck a deal with hackers to delete stolen student data after a cyberattack caused chaos for students and faculty during finals. The hack affected the online learning system, delaying some final exams. Instructure, the parent company of Canvas, reached an agreement with the unauthorized actor involved.
- Congress investigates Canvas breach as company pays ransom
The US Congress is investigating a breach of Instructure's Canvas online platform, which was hacked twice in two weeks, and the company has paid a ransom to extortion crew ShinyHunters. The breach affected up to 275 million students, teachers, and staff. Instructure's CEO Steve Daly has been summoned to explain the circumstances of the intrusions.
- Canvas' parent company strikes deal with hackers to delete stolen data
A hacking group named ShinyHunters claimed responsibility for the Canvas breach and threatened to leak data involving 275 million individuals if schools did not pay a ransom. The parent company of Canvas has struck a deal with the hackers to delete the stolen data. This deal aims to prevent the sensitive information from being leaked.
- Instructure strikes deal with hackers who breached it twice
Instructure reached an agreement with hackers who breached its Canvas school software twice, but no guarantees were provided that the data would not be released or that the hackers would keep their word. The breach occurred twice and the company is trying to mitigate the damage. The outcome of the agreement is uncertain.
- Canvas owner reaches ‘agreement’ with hackers to secure stolen data
Instructure, the company behind Canvas, reached an agreement with hackers to secure stolen data, preventing a leak of 3.5 terabytes of student data. The agreement came after the ShinyHunters hacking group claimed responsibility for the attack and threatened to publish the data. Instructure claims no customers will be extorted as a result.
- Instructure pays ransom after Canvas incident as Congress announces investigation
Instructure paid a ransom to hackers after a security incident involving Canvas, and Congress has announced an investigation into the matter. The company agreed to the hackers' terms, which included the return of their data and digital confirmation of its destruction. This incident has led to a congressional investigation.
- Canvas hack: company pays criminals to delete students' stolen data
The company behind Canvas has reached an agreement with hackers to delete stolen student data. The hack disrupted thousands of colleges and universities. The agreement was made to protect sensitive student information.
- Canvas hack: company pays criminals to delete students' stolen data
The company behind Canvas has reached an agreement with hackers to delete stolen student data. The hackers had disrupted thousands of colleges and universities. The agreement involves the company paying the hackers.
- Canvas hack: Company pays criminals to delete students' stolen data
The company behind Canvas has reached an agreement with hackers to delete stolen student data. The hackers had disrupted thousands of colleges and universities. The agreement was made to protect sensitive student information.
- Instructure reaches 'agreement' with ShinyHunters to stop data leak
Instructure reached an agreement with ShinyHunters to stop a data leak from being leaked online after a recent breach, involving the Canvas learning management system. The agreement aims to prevent stolen data from being published. Instructure is an edtech giant.
- Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
Instructure reached a ransom agreement with ShinyHunters to stop a 3.65TB Canvas leak after a network breach. The breach threatened to leak stolen information from thousands of schools and universities. Instructure is the parent company of Canvas.
- Instructure pays ransom to Canvas hackers
Instructure paid a ransom to hackers who compromised Canvas, a learning management system. The incident was reported and updates are available on Instructure's website. Further details can be found in related news articles.
- Pressure mounts on Canvas as data leak extortion deadline looms
Cybercriminals are threatening to leak sensitive data from Canvas, a widely used education tech platform, after a prolonged cyberattack. The company behind Canvas, Instructure, has taken the platform offline following malicious activity. A decentralized crew of cybercriminals, ShinyHunters, is attempting to extort the company for an unknown ransom amount.
- Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline
Instructure's online learning platform Canvas experienced two rounds of unauthorized activity, with data theft and extortion crew ShinyHunters threatening to leak data of over 275 million students and staff. The breach affected nearly 9,000 schools worldwide, including Harvard and Stanford universities. Instructure has taken measures to contain the incident and notified the FBI and US Cybersecurity and Infrastructure Security Agency.
- Canvas got hacked, provost banned exams, professor responded by assigning Hayek
The University of Illinois at Urbana-Champaign's Canvas platform was hacked, prompting the provost to ban exams. A professor responded by assigning work related to Friedrich Hayek. The incident occurred unexpectedly.
- Instructure confirms hackers used Canvas flaw to deface portals
Instructure confirmed a security vulnerability in Canvas allowed hackers to modify login portals and leave an extortion message. The issue was related to a flaw in the Canvas platform. Hackers exploited this flaw to deface the portals.
- School app Canvas breach hits during finals
Canvas, a school platform used by colleges and universities, experienced a breach during finals week, causing stress and confusion among students and teachers. The outage was caused by unauthorized activity detected by Instructure, the company behind Canvas. Instructure temporarily took Canvas offline to contain the activity and apply additional safeguards.
- Hacked educational platform partially restored for millions of students
The educational platform Canvas was breached by hacker group ShinyHunters, who threatened to leak student data. The platform has been partially restored for millions of students. The breach and restoration affect students' access to educational resources.
- International cyber attack disrupts swathe of universities and schools
A hacking group breached the academic software Canvas, disrupting thousands of schools and universities worldwide. The attack affected a swathe of universities and schools that use Canvas. The breach has significant implications for global education.
- International cyber attack disrupts swathe of universities and schools
A hacking group breached Canvas, an academic software used by thousands of schools and universities worldwide, disrupting their operations. The attack has affected a swathe of educational institutions globally. The breach highlights concerns over cybersecurity in the education sector.
- Schools across U.S. disrupted after Canvas education platform hacked
The parent company of Canvas experienced a cybersecurity incident, disrupting schools across the U.S. The incident affected students and involved the popular cloud-based education platform. NBC News reported on the impact with Valerie Castro explaining the details.
- How a massive hack on school software disrupted classes across America
A massive hack on school software called Canvas disrupted classes across America, affecting schools such as Columbia University. The hack had a significant impact on educational institutions. Classes were disrupted due to the security breach.
- Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
A cyberattack disrupted the online learning platform Canvas, causing chaos at schools and colleges throughout the US as students were due to take final exams. The platform was taken offline temporarily after identifying unauthorized activity in its network. Canvas parent company Instructure reported that the platform was back online as of Friday morning.
- Canvas is back online, but questions — and final exam disruptions — linger
Canvas is back online after a ransomware attack, but some schools are warning users not to log back in due to ongoing concerns about a data breach. The incident has caused disruptions to final exams. Half of North America's higher education institutions use the Canvas platform.
- Canvas outage delays college finals across the country
A cyberattack on Canvas, a learning platform used by thousands of schools, has caused universities across the country to reschedule or cancel finals. The attack was detected in late April and resulted in the breach of personal information. Canvas is back online after being shut down.
- Cyberattack on system used by thousands of US schools disrupts final exams
A cyberattack on Canvas, a system used by thousands of US schools, caused a nationwide outage and disrupted final exams. Students and faculty were left unable to access course materials, causing chaos and panic. The incident highlights education's dependence on technology.