ACCORDING to DataBreaches[.]Net, ShinyHunters hacked Instructure again after Instructure failed to contact them to negotiate payment following a previous breach in April, with the threat actors posting a notice to schools about contacting them to negotiate a settlement and a deadline of 12 May 2026 to prevent data leakage.
The article notes that Instructure’s status page shows the infrastructure taken offline and Canvas was reported as unavailable during the period, with a replacement login page later showing a message that Canvas was undergoing scheduled maintenance. DataBreaches[.]Net also reports that some students were mid-class when the site went down, and that the site’s warnings included a list of affected schools and a link to a leak site, though DataBreaches expresses skepticism about whether maintenance was truly scheduled.
The piece mentions the threat of data leakage if schools did not contact the attackers by the stated deadline and records that Canvas customers may be left wondering how Instructure could be hacked repeatedly. It is framed as a developing story, with ongoing questions about law enforcement responses and the frequency of these incidents.