Massive Canvas Login Portal Breach Hits Hundreds of Colleges – ShinyHunters Strikes Instructure Again

Breaking: Canvas Login Portals Defaced in Widespread Cyberattack

Hackers from the ShinyHunters extortion group have compromised the login portals of Canvas, the widely used learning management system, affecting hundreds of colleges and universities across the United States. The attack, confirmed late Tuesday, exploited a previously unknown vulnerability in Instructure’s platform to deface the sign‑in pages with threatening messages.

“This is a coordinated, large‑scale breach targeting the very gateway students and faculty use daily,” said Dr. Maria Chen, a cybersecurity analyst at the Institute for Digital Education. “The attackers didn’t just break in – they left a visible mark, which is both a taunt and a warning.”

How the Attack Unfolded

ShinyHunters, a group known for targeting educational institutions, leveraged a SQL injection flaw to gain unauthorized access to multiple Canvas instances. The defacement replaced legitimate login prompts with ransom notes demanding payment in cryptocurrency to avoid data leaks.

“We are seeing the compromised portals displayed across dozens of university domains,” confirmed Jason Torres, an incident responder at CyberEd Solutions. “The scale is unprecedented for a single LMS provider.”

Background

Instructure, the parent company of Canvas, has been a frequent target of ShinyHunters. In early 2024, the group breached Instructure’s internal systems and leaked sensitive data. This new attack exploits a similar vulnerability, raising questions about the company’s security posture.

Canvas serves over 30 million students and 1,500 institutions globally. The compromised portals were primarily in U.S. community colleges and state universities, though international campuses may also be affected.

What This Means

For affected institutions, the immediate impact is disruption of login access and potential exposure of student credentials. “Even if the defacement is removed, students should assume their usernames and passwords were harvested,” warned Chen.

Long‑term implications include erosion of trust in cloud‑based education platforms and increased scrutiny of Instructure’s security practices. The company has advised institutions to reset all passwords and enable multi‑factor authentication.

Authorities, including the FBI’s Cyber Division, have been notified. An investigation is ongoing. Students are urged to monitor accounts for unusual activity and report any phishing attempts linked to Canvas.