Hackers deface school login pages after claiming another Instructure hack

5 days ago 5

A redacted screenshot of the connection ShinyHunters near connected the hacked login pages of Instructure's level Canvas.

1:59 PM PDT · May 7, 2026

On Tuesday, acquisition tech elephantine Instructure disclosed a information breach wherever hackers stole students’ backstage information, including their names, idiosyncratic email addresses, and messages sent betwixt teachers and students.

Now, it appears hackers were capable to compromise Instructure again — this clip defacing respective schools’ login pages to the company’s level Canvas, which allows schools to negociate coursework and assignments and pass with students.

TechCrunch saw a connection published by the cybercrime radical ShinyHunters connected the Canvas login pages of 3 abstracted schools. A reappraisal of the defaced portals shows that the hackers injected an HTML record that altered the login screens to show their message.

The connection says the hackers volition people the stolen information connected May 12 if the institution does not “negotiate a settlement.”

At the clip of writing, Instructure’s website appeared to beryllium partially online, astatine times returning a “too galore requests” error. The company’s Canvas portal displayed a announcement saying it was “currently undergoing scheduled maintenance.”

Instructure did not instantly respond to TechCrunch’s petition for comment.

ShinyHunters had antecedently claimed work for the archetypal hack, publicizing it connected its leak tract — a website hackers usage to people stolen information and unit victims into paying ransoms — successful an effort to extort Instructure into paying to support the information from going public. This evident caller hack, on with the information that hackers chose to notify TechCrunch astir the defaced login pages, bespeak that the hackers are trying to ramp up unit connected Instructure and its customers, hoping to unit them to cave to the hackers’ demands.

It’s unclear however the hackers were capable to compromise the login pages. When asked, a subordinate of ShinyHunters told TechCrunch that they couldn’t remark connected specifics, but said this is simply a second, abstracted breach.

Following the archetypal breach astatine Instructure, the hackers claimed to person stolen information from astir 9,000 schools astir the world, with the stolen files allegedly containing accusation connected 231 cardinal people.

The radical has compromised countless victims implicit the past mates of years, pursuing the aforesaid financially motivated playbook: hack, publicize, and extort.

Topics

Canvas, cybercrime, cybersecurity, data breach, ed tech, Education, extortion, hackers, hacking, instructure, Security, shinyhunters

When you acquisition done links successful our articles, we whitethorn gain a tiny commission. This doesn’t impact our editorial independence.

Lorenzo Franceschi-Bicchierai is simply a Senior Writer astatine TechCrunch, wherever helium covers hacking, cybersecurity, surveillance, and privacy.

You tin interaction oregon verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted connection astatine +1 917 257 1382 connected Signal, and @lorenzofb connected Keybase/Telegram.

Zack Whittaker is the information exertion astatine TechCrunch. He besides authors the play cybersecurity newsletter, this week successful security.

He tin beryllium reached via encrypted connection astatine zackwhittaker.1337 connected Signal. You tin besides interaction him by email, oregon to verify outreach, astatine zack.whittaker@techcrunch.com.

Read Entire Article