{"id":243667,"date":"2026-05-11T06:05:00","date_gmt":"2026-05-11T10:05:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/11\/shinyhunters-escalates-canvas-extortion-infosecurity-magazine\/"},"modified":"2026-05-11T10:15:10","modified_gmt":"2026-05-11T14:15:10","slug":"shinyhunters-escalates-canvas-extortion-infosecurity-magazine","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/11\/shinyhunters-escalates-canvas-extortion-infosecurity-magazine\/","title":{"rendered":"ShinyHunters Escalates Canvas Extortion &#8211; Infosecurity Magazine"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/shinyhunters-escalates-canvas\/\">ShinyHunters Escalates Canvas Extortion &#8211; Infosecurity Magazine<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/shinyhunters-escalates-canvas\/\">https:\/\/www.infosecurity-magazine.com\/news\/shinyhunters-escalates-canvas\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-11 06:05:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>The education sector has found itself in the crosshairs of a ShinyHunters \u201cpay or leak\u201d extortion campaign following the compromise of Instructure, the company behind the Canvas Learning Management System.<\/p>\n<p>The original compromise of Instructure occurred on April 25 with around 275 million records from 8809 educational institutions stolen.<\/p>\n<p>ShinyHunters gained unauthorized access to Instructure systems by exploiting a vulnerability in the Free-For-Teacher version of Canvas. Over 3.65 TB of data is said to have been exfiltrated by the ransomware gang.<\/p>\n<p>The group made its first extortion attempt by posting a ransom demand on its data leak site. The initial deadline was 8 May, after which the group threatened to leak data.<\/p>\n<h2><strong>Extortion Campaign Intensifies<\/strong><\/h2>\n<p>Since that deadline has passed, the group extended its deadline and began a school-by-school extortion campaign, researchers at Halcyon noted in a recent analysis.<\/p>\n<p>This has seen a defacement message appear on approximately 330 institutional Canvas login pages.<\/p>\n<p>The note by ShinyHunters called for those affected to negotiate a settlement before everything is leaked on May 12.<\/p>\n<p>Instructure had not contacted the ransomware group and instead installed some security patches, according to the ShinyHunters note. \u00a0<\/p>\n<p>Raluca Saceanu, CEO of cybersecurity company Smarttech247, commented, \u201cShinyHunters have timed this attack to sting as much as possible: with schools and universities approaching the end of their academic years, and exam season already underway.\u201d<\/p>\n<p>\u201cStriking now piles the pressure on both Canvas and affected institutions to force a sizeable ransom payment. These targets cover the gamut, including universities, colleges, school districts, education providers, corporate training environments, test\/stage instances, and generic\/root accounts,\u201d she added.<\/p>\n<p>Those impacted by this campaign should take immediate action including changing any Canvas\u2011related passwords as soon as possible and enabling&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/shinyhunters-escalates-canvas\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ShinyHunters Escalates Canvas Extortion &#8211; Infosecurity Magazine https:\/\/www.infosecurity-magazine.com\/news\/shinyhunters-escalates-canvas\/ Publish Date: 2026-05-11 06:05:00 Source Domain: www.infosecurity-magazine.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":243668,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/ebb34ece-f135-4339-862c-fe80a6e1de00.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-243667","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243667"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=243667"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243667\/revisions"}],"predecessor-version":[{"id":243669,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/243667\/revisions\/243669"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/243668"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=243667"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=243667"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=243667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}