Instructure Canvas Breach: ShinyHunters Shares Data Sample

ShinyHunters has now shared a sample of the stolen Canvas data with TechCrunch, partially backing up the group's earlier claims about the Instructure breach. According to ShinyHunters, the haul totals 3.65 terabytes across close to 9,000 institutions — a list of 8,809 schools is now posted to their leak site, and a ShinyHunters member told TechCrunch the figure is 231 million unique emails. Instructure has not confirmed those numbers. The sample TechCrunch reviewed is consistent with what Instructure already publicly disclosed: names, email addresses, student ID numbers, and messages between students and teachers. The sample did not contain passwords or any of the categories Instructure said were not affected. Instructure has published its containment steps — revoked privileged credentials and access tokens, rotated keys, deployed patches, and reissued the application keys that link Canvas to outside tools — which is why some Canvas users had to re-authorize third-party integrations. ShinyHunters extended its ransom deadline from May 6th to end of day May 7th, posting "FINAL WARNING PAY OR LEAK" and complaining that Instructure "has not even bothered speaking to us." Instructure has not publicly addressed the demand. Sources: https://www.instructure.com/resources/blog/security-incident-update https://techcrunch.com/2026/05/05/hackers-steal-students-data-during-breach-at-education-tech-giant-instructure/ https://www.bleepingcomputer.com/news/security/instructure-hacker-claims-data-theft-from-8-800-schools-universities/ More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday. #cybersecurity #shinyhunters #databreach