IN a DataBreaches[.]Net opinion piece posted on 8 May 2026, the author notes that Canvas was restored and the Instructure leak site listing was removed from the threat actors’ leak site, suggesting that ShinyHunters’ practices usually indicate the victim has either paid or is at least negotiating. The piece argues that pressuring all victims into never paying may be terrible advice for some, pointing to Instructure’s costs and the ongoing anxiety for schools and students.
It concedes that ShinyHunters are responsible for the breach, but questions whether the incident response choice by Instructure was beneficial in the long run. The author argues against a hard-and-fast rule prohibiting payment and suggests a cost-benefit analysis tailored to the victim’s situation. It also invites readers to seek a second opinion from incident response firms if their default guidance would prohibit payment. The piece frames paying as potentially the lesser of evils in certain circumstances, while cautioning against broad policy determinations.