{"id":244491,"date":"2026-05-12T03:37:00","date_gmt":"2026-05-12T07:37:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/12\/instructure-reaches-ransom-agreement-with-shinyhunters-to-stop-3-65tb-canvas-leak\/"},"modified":"2026-05-12T12:45:07","modified_gmt":"2026-05-12T16:45:07","slug":"instructure-reaches-ransom-agreement-with-shinyhunters-to-stop-3-65tb-canvas-leak","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/12\/instructure-reaches-ransom-agreement-with-shinyhunters-to-stop-3-65tb-canvas-leak\/","title":{"rendered":"Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/instructure-reaches-ransom-agreement.html\">Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/instructure-reaches-ransom-agreement.html\">https:\/\/thehackernews.com\/2026\/05\/instructure-reaches-ransom-agreement.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-12 03:37:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">May 12, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Network Security<\/span><\/p>\n<p>American educational technology company Instructure, the parent company of Canvas, said it reached an &#8220;agreement&#8221; with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities.<\/p>\n<p>In an update shared on Monday, the Utah-based firm said it &#8220;reached an agreement with the unauthorized actor involved in this incident,&#8221; citing &#8220;concerns about the potential publication of data.&#8221;<\/p>\n<p>In taking the controversial decision to pay a ransom to avoid a leak, the company said the agreement covers all its impacted customers and that the pilfered data was returned to it, along with digital confirmation of data destruction. It also said it has been informed that none of the company&#8217;s customers will be separately extorted as a result of the hack.<\/p>\n<p>&#8220;While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,&#8221; Instructure said.<\/p>\n<p>It also said it&#8217;s working with expert vendors to support its forensic analysis, improve its cybersecurity posture, and conduct a comprehensive review of the data involved.<\/p>\n<p>The disclosure comes as the ShinyHunters extortion crew waged a digital attack against Canvas, a popular web-based learning management system, late last month, resulting in the theft of 3.65TB of data. The incident impacted nearly 9,000 organizations.<\/p>\n<p>Although the breach was assumed to be initially contained, a second wave of unauthorized activity tied to the same incident was detected on May 7, 2026, defacing the Canvas login portals with extortion messages at roughly 330 institutions and giving Instructure a deadline of May 12, 2026, to negotiate a ransom or risk a data leak.<\/p>\n<p>The attackers are said to have weaponized an unspecified vulnerability &#8220;regarding support tickets&#8221; in its&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/instructure-reaches-ransom-agreement.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak https:\/\/thehackernews.com\/2026\/05\/instructure-reaches-ransom-agreement.html Publish Date: 2026-05-12&#8230;<\/p>\n","protected":false},"author":1,"featured_media":244493,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiq_FVhPeK2Y77CmHxc0azDelzWwpgSb4m8GZPLeJlsr2QvCZU5ChGQK37bJ_2XsGQRaNszalreV1iNyYDzeLt1I8iqafNTvFCPFQ0czKwX3Q6Q23TqdavunyJJsy6X8vxG_jSz__X5BnFZc4AIIqr-kd0XiNcYgx3UnYaahiViFKAywuQ98a7bbtCPnwgo\/s1600\/ransom-breach.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24,29,27],"class_list":["post-244491","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity","tag-network-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/244491"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=244491"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/244491\/revisions"}],"predecessor-version":[{"id":244494,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/244491\/revisions\/244494"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/244493"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=244491"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=244491"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=244491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}