Breaking — May 7, 2026: Millions of students across America just had their worst nightmare come true — right in the middle of finals week. The popular educational platform Canvas has been hacked in a massive cyberattack that has rocked universities and K-12 schools nationwide. Here is everything you need to know about the Canvas hacked crisis unfolding right now.
What Happened to Canvas?
An apparent cyberattack shut down Canvas, a popular cloud-based digital hub for classrooms used by more than 30 million active users globally, with more than 8,000 institutions as customers.
On May 7, 2026, Canvas was hacked, with its login page replaced with a message by ShinyHunters, a criminal hacking group. ShinyHunters claimed responsibility for breaching Instructure and Canvas, threatening to release sensitive data unless ransom payment demands are fulfilled by May 12, 2026.
This wasn’t a random glitch or technical failure. This was a deliberate, targeted, ransomware attack — executed at the worst possible time for millions of students across the country.
Who Is ShinyHunters — The Group Behind the Canvas Hack?
Little is publicly known about the hacking group, but cybersecurity researchers and federal authorities have linked the ShinyHunters name to several instances of high-profile data theft. The group previously claimed responsibility for hacking Ticketmaster and attempting to sell user data on the dark web in 2024.
This is not a group of amateur hackers. ShinyHunters is a sophisticated cybercriminal organization with a track record of going after massive platforms and holding their data hostage — and now they’ve turned their sights on America’s schools.
The group wrote in their ransom note: “Instead of contacting us, to resolve it, they ignored us and did some ‘security patches.'” In other words — Canvas’s parent company Instructure had been warned before, tried to patch the problem quietly, and ShinyHunters came back harder the second time.
How Many Students Are Affected?
The scale of this breach is staggering. ShinyHunters claimed to have stolen more than 3.65TB of personal student data from over 9,000 schools, and said that if Instructure does not respond to their ransom demands by Tuesday, May 12, all the data will be leaked publicly.
A ransom letter from ShinyHunters to Canvas posted on May 3 claimed the group had data from 275 million individuals from nearly 9,000 schools.
275 million people. That is almost the entire adult population of the United States — students, teachers, staff, and administrators whose personal information may now be sitting in the hands of cybercriminals.
Which Schools Were Hit?
The list of affected institutions reads like a who’s who of American higher education. Universities across the country including Columbia University, Rutgers, Princeton, Kent State, Harvard and Georgetown issued statements alerting students to the hack impacting institutions nationwide. School districts in California, Florida, Georgia, Oklahoma, Oregon, Nevada, North Carolina, Tennessee, Utah, Virginia and Wisconsin also reported being affected.
The hack also hit schools internationally. Educational institutions in the United States, United Kingdom, New Zealand, Australia, Sweden, and the Netherlands reported disruptions or potential exposure of user information. In the Netherlands, 44 educational institutions were affected.
What Data Was Stolen?
In early May 2026, Instructure disclosed it was investigating a cybersecurity incident involving certain user data, including names, email addresses, student ID numbers, and messages among users. The company said it had found no evidence that passwords, dates of birth, government identifiers, or financial information were involved.
However, students on the ground are telling a very different story. One student said: “According to the hackers, they got everything: our personal emails, our passwords, IDs, any financial information that we had on our accounts — they have everything.”
The gap between what Instructure is saying publicly and what students are reporting is alarming — and it’s fueling panic across campuses nationwide.
The Worst Possible Timing — Finals Week
The Canvas hacked crisis didn’t just hit students at any random time. It struck right in the heart of finals season — when millions of students depend on Canvas for every aspect of their academic life.
A student at the University of Pennsylvania said he was logged out of his Canvas account while studying for finals. Professors had to scramble to send class materials in other ways.
The University of Illinois said Canvas was offline due to the ongoing cybersecurity incident, with course materials unavailable. University leadership discussed next steps with sensitivity to the impacts on students and instructors during the final exam period.
Schools across the country began extending deadlines and reshuffling finals schedules in response, with universities asking professors not to penalize students because of the outage.
How Did Instructure Respond?
Instructure said that out of an abundance of caution, it temporarily took Canvas offline to contain access and further investigate. The company confirmed the unauthorized actor exploited an issue related to Free-For-Teacher accounts, and made the difficult decision to temporarily shut those accounts down. Canvas was later announced as fully back online and available for use.
But the damage was already done. As of May 8, 2026, Instructure still reports no incidents related to the hack on their status page for May 7-8, claiming 100% uptime despite global outages — a response that has drawn sharp criticism from students and cybersecurity experts alike.
What Should Students Do Right Now?
If you use Canvas, here is what you need to do immediately:
Change your password on any account where you use the same email and password combination as Canvas. Even if Instructure claims passwords weren’t compromised — don’t take the risk.
Monitor your email for phishing attempts. Hackers who have your email address and student ID will try to use that information to trick you into giving up more sensitive data.
Contact your school’s IT department for guidance specific to your institution. Many universities are issuing individualized guidance as the situation develops.
Watch for deadlines. Most universities are extending finals deadlines due to the outage — check your school’s official communications for updates.
The May 12 Deadline — What Happens If Schools Don’t Pay?
In a note, the hacking group gave schools impacted a May 12 deadline “to negotiate a settlement.” That deadline is now just days away.
Cybersecurity analysts warn that more state schools could face extortion attempts in the wake of the attack. Past attacks have hit Minneapolis Public Schools and the Los Angeles Unified School District.
What ShinyHunters does if schools refuse to pay — and whether Instructure will negotiate — remains one of the biggest unanswered questions hanging over millions of students right now.
This is a rapidly developing story. Bookmark CelebTrend.site for live updates as the May 12 deadline approaches.
