Instructure Data Breach Affects Millions of Students

Education technology giant Instructure has confirmed a major data breach affecting its popular Canvas Learning Management System (LMS). The attack, attributed to ShinyHunters, has exposed the personal data of tens of millions of students and educators.

Summary of the Incident

Instructure, the owner of the Canvas Learning Management System (LMS) used by millions of students and educators worldwide, confirmed in an official statement on May 6, 2026, that it had suffered a major cyberattack. The company verified that the notorious cybercrime group ShinyHunters had infiltrated its systems and exfiltrated a significant amount of user data. This incident starkly highlights the dependency of educational institutions on third-party software providers and the inherent security risks that come with this reliance.

The attack was reportedly detected in late April 2026, but the public announcement was delayed until the company could complete its internal investigation and determine the scope of affected users. The event has caused significant concern, particularly because the sensitive data of millions of students in K-12 and higher education institutions is now at risk. The reputation of ShinyHunters for large-scale data breaches and for selling stolen data on cybercrime forums further exacerbates the severity of the situation.

Leaked Data and Scope

According to initial statements from Instructure and analyses by cybersecurity researchers, it is estimated that over 40 million students, teachers, and school administrators have been affected by the breach. This number is alarming, considering the global ubiquity of the Canvas LMS. The compromised data reportedly includes various types of sensitive information that could pose serious threats to user privacy and security. The types of data leaked include:

  • Personally Identifiable Information (PII): Full names, student and teacher ID numbers, and email addresses.
  • Academic Information: Course enrollments, assignments, exam results, and grade transcripts.
  • Contact Information: In some cases, parent contact details and school announcements.
  • User Credentials: Passwords that were protected with a strong cryptographic hashing algorithm. Although the passwords were not stored in plain text, weak passwords can still be cracked through brute-force attacks.

The company stated that financial data, such as credit card information or social security numbers, was not affected by this breach, as such data is not stored on their systems. However, the leaked academic and personal information is a valuable resource for threat actors to conduct phishing attacks, identity theft, and other forms of fraud.

Technical Details of the Attack

Cybersecurity experts believe the initial point of entry for the attack was likely a targeted social engineering campaign. It is thought that the attackers targeted an Instructure employee with high-level privileges to steal their credentials. Such attacks often use deceptive emails or messages to trick a victim into revealing their password or other sensitive information. With these compromised credentials, ShinyHunters gained access to the company's cloud infrastructure, specifically to critical data hosted on Amazon Web Services (AWS).

The technical report indicates that the attackers exploited a misconfigured S3 (Simple Storage Service) bucket. Such configuration errors can cause data repositories that are meant to be private to become publicly accessible. The attackers leveraged this vulnerability to download a database backup containing millions of user records without being detected. This incident demonstrates the critical importance of cloud security and how even a minor configuration mistake can lead to catastrophic consequences.
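The misconfiguration class described above can be checked for by a bucket owner. The following is an added example, not code from Instructure or from the cited report: it audits a bucket's policy, ACL and Block Public Access flags, supplied in the shapes returned by the S3 GetBucketPolicy, GetBucketAcl and GetPublicAccessBlock calls. The bucket name, Sids and VPC endpoint ID are constructed, and treating any statement with a Condition as non-public is a simplifying assumption.

```python
import json

# Group URIs S3 ACLs use for "everyone" and "any authenticated AWS user".
_ACS = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {_ACS + "AllUsers", _ACS + "AuthenticatedUsers"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_policy_statements(policy_json):
    """Names of Allow statements open to any principal with no Condition."""
    hits = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        principal = stmt.get("Principal")
        if isinstance(principal, dict):  # e.g. {"AWS": "*"}
            principals = [p for v in principal.values() for p in _as_list(v)]
        else:
            principals = _as_list(principal)
        if (stmt.get("Effect") == "Allow" and "*" in principals
                and not stmt.get("Condition")):
            hits.append(stmt.get("Sid", f"statement[{i}]"))
    return hits

def public_acl_grants(acl):
    """Permissions the ACL grants to the public groups."""
    return [g["Permission"] for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS]

def audit_bucket(policy_json, acl, pab):
    """Combine policy, ACL and Block Public Access flags into one verdict."""
    policy_hits = public_policy_statements(policy_json) if policy_json else []
    acl_hits = public_acl_grants(acl)
    # RestrictPublicBuckets neutralises public policies; IgnorePublicAcls, public ACLs.
    exposed = ((bool(policy_hits) and not pab.get("RestrictPublicBuckets", False))
               or (bool(acl_hits) and not pab.get("IgnorePublicAcls", False)))
    return {"policy": policy_hits, "acl": acl_hits, "exposed": exposed}

# Constructed sample data (bucket name, Sids and endpoint ID are hypothetical).
POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "BackupRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-backups/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-backups/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-00000000"}}}]})
ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI": _ACS + "AllUsers"},
                   "Permission": "READ"}]}
if __name__ == "__main__":
    print(audit_bucket(POLICY, ACL, {}))
```

Pass the effective Block Public Access configuration as `pab`; account-level settings also apply to every bucket in the account, so a bucket-level check alone can understate the protection in place.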

Who Are the Affected Users?

This data breach potentially affects all educational institutions that use the Canvas LMS and all individuals associated with them. The primary groups affected are:

  • Students: The personal and academic data of millions of students, from kindergarten to university, is at risk. The exposure of data belonging to minors makes them particularly vulnerable to cyberbullying and other dangers.
  • Educators: The contact information and administrative accounts of teachers, lecturers, and professors have been compromised. This increases the risk of further attacks on institutional systems via fraudulent emails.
  • School Administrators: Data belonging to school management and administrative staff can pose a threat to the overall security of the institution.
  • Parents: Parent contact information linked to student records may also be part of the breach, making them targets for sophisticated fraud attempts.

It is important for users to get help from reliable platforms to find out if their information has been leaked. You can check if your email address has been compromised in this or other breaches by using a dedicated Data Breach Search service developed for such situations.

What Should You Do?

If you or your child attends an institution that uses the Canvas LMS, there are immediate steps you should take to protect your data:

  1. Change Your Password Immediately: Change the password for your Canvas account and any other online accounts where you have used the same password. Ensure your new password is strong and unique (containing uppercase/lowercase letters, numbers, and symbols).
  2. Enable Two-Factor Authentication (2FA): If your institution supports it, enable 2FA for your Canvas account. This feature adds an extra layer of security that prevents unauthorized access even if your password is stolen.
  3. Be Wary of Phishing Emails: Attackers may use the leaked email addresses to send you fraudulent emails that appear to be from Instructure or your school. Do not click on links or download attachments in these emails. Always carefully check the sender's address.
  4. Monitor Your Accounts: If you notice any suspicious changes to your academic records or personal information, contact your school administration immediately.

The Company's Statement

In an official statement, the CEO of Instructure expressed deep regret over the incident. The statement read, "The trust of our users is of the utmost importance to us, and we apologize for breaching that trust. As soon as we became aware of the incident, we took immediate action, engaged a leading cybersecurity firm, and notified law enforcement. We are reviewing all of our security protocols to secure our systems and prevent similar incidents from happening in the future." The company added that it would be contacting affected institutions directly to provide necessary information and offer support to users.

Source

https://www.darkreading.com/cyberattacks-data-breaches/instructure-breach-exposes-schools-vendor-dependence
