Learning management system Canvas back online after worldwide cybersecurity attack | KGOU
Learning management system Canvas back online after worldwide cybersecurity attack | KGOU
Publish Date: 2026-05-08 14:33:00
Source Domain: www.kgou.org
Across the world, access to the Canvas system was interrupted with a message from a criminal extortion group called “ShinyHunters.” It advised affected schools that if they did not want the platform’s data released, it demanded a negotiated settlement.
“ShinyHunters has breached [Canvas’ parent company] Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches,’” the statement read. “You have till the end of the day by 12 May 2026 before everything is leaked.”
According to a Friday morning social media post, the University of Oklahoma said Canvas is quote, “currently restored,” however, some features may remain unavailable. It instructs faculty and students to download important materials while they are available.
“We recognize this disruption has occurred during final exams and end-of-semester coursework,” the statement said. “We continue to monitor the situation and are currently working to develop contingency plans if Canvas goes offline again.”
Mack Burke, spokesperson for Oklahoma State University, said the university has extended the deadline for final grade submissions and encourages faculty to download their Canvas gradebooks as a precaution. Spring commencement ceremonies will continue as scheduled.
Canvas’ parent company, Instructure, said on its website the platform is now available again for most users.
According to the company, it detected “unauthorized activity” in Canvas on April 29. It revoked the party’s access and started an investigation. Thursday, it identified more unauthorized activity it said was tied to the same incident. In response, Instructure put Canvas into maintenance mode.
Based on its investigation, Instructure said data taken on April 29 included names, email addresses, student ID numbers and messages. It has not found evidence of data taken during the May 7 attack.
It said the unauthorized user exploited an…
