惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
B
Blog RSS Feed
宝玉的分享
宝玉的分享
腾讯CDC
博客园_首页
T
Tailwind CSS Blog
月光博客
月光博客
博客园 - 司徒正美
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
M
MIT News - Artificial intelligence
A
About on SuperTechFans
云风的 BLOG
云风的 BLOG
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
大猫的无限游戏
大猫的无限游戏
MongoDB | Blog
MongoDB | Blog
博客园 - 聂微东
V
Visual Studio Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
SecWiki News
SecWiki News
美团技术团队
P
Privacy International News Feed
H
Help Net Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Microsoft Security Blog
Microsoft Security Blog
Know Your Adversary
Know Your Adversary
Y
Y Combinator Blog
D
DataBreaches.Net
Project Zero
Project Zero
T
The Blog of Author Tim Ferriss
Cyberwarzone
Cyberwarzone
C
Cybersecurity and Infrastructure Security Agency CISA
C
Cisco Blogs
S
Schneier on Security
G
GRAHAM CLULEY
博客园 - 三生石上(FineUI控件)
Cisco Talos Blog
Cisco Talos Blog
小众软件
小众软件
Forbes - Security
Forbes - Security
D
Docker
T
Tenable Blog
S
Secure Thoughts
雷峰网
雷峰网
S
Security @ Cisco Blogs
T
The Exploit Database - CXSecurity.com
The Cloudflare Blog
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
阮一峰的网络日志
阮一峰的网络日志

Consumer Insights

Qantas data breach started with a fake IT support call Lidl warns customers after data breach How to find out if your identity has been exposed by infostealers Texas breach exposes PII of 3 million hunting and fishing license customers Maine forced to take down data breach portal after fake notices filed with authorities Carnival breach exposes data of nearly 6 million people 7-Eleven data breach exposes data of 185,000 people UK Water Supplier Fined Nearly £1 Million After Hackers Roamed Networks for Almost 2 Years DAEMON Tools Lite breach prompts urgent update after malware-laced installer Stalkerware data leak exposes private screenshots linked to celebrities and influencers Hackers claim to have breached Udemy, stealing 1.4 million user records Rituals data breach exposes customer details Booking.com says breach exposed travelers’ data Basic-Fit data breach exposes member information across Europe Rockstar Games confirms breach after ShinyHunters leaks stolen analytics data Lapsus$ claims AstraZeneca breach exposes code and credentials Aura data breach exposes 900,000 records after phishing attack Telus Digital data breach confirmed after ShinyHunters claims 1PB theft Was Your Data Exposed in the Latest Under Armour Breach? Here’s What You Should Do Breach at Tinder, Hinge and OkCupid exposes user data Europe Fines Big Tech €1.2 Billion under GDPR in 2025 European Space Agency's cybersecurity in freefall as yet another breach exposes spacecraft and mission data European Space Agency Confirms New Data Breach; Classified Info May Have Been Stolen Rainbow Six Siege Servers Offline After Massive Breach Floods Accounts with Billions of R6 Credits 21,000 Nissan Customers Exposed After Third-Party Server Breach Spotify Catalog Scraped, 300TB Music and Metadata Dumped via Torrent University of Sydney Confirms Data Breach Affecting Thousands Leroy Merlin Breach Alert: French Customers Notified After Cyberattack Exposes Personal Data CodeRED Emergency Alerts Disrupted Across US After Ransomware Breach
Instructure confirms breach; millions of Canvas users potentially impacted
Alina BÎZGĂ · 2026-05-05 · via Consumer Insights

Instructure, the company behind the Canvas learning management system, has confirmed a data breach after a well-known cybercrime group claimed responsibility for stealing data linked to hundreds of millions of users.

Key takeaways

  • Canvas owner Instructure confirmed a security incident after the ShinyHunters group claimed responsibility
  • Up to 275 million users may be affected, with exposed data including names, emails, IDs, and messages
  • Users should watch for scams and suspicious messages, even if they haven’t received an official notification yet

The security incident and exposed data

Schools, universities, and other organizations use Canvas to manage coursework, communication, and student records, making it a particularly attractive target for attackers.

The breach came to light after the ShinyHunters extortion group listed Instructure on its leak site, claiming it had stolen data from the company’s systems. According to Bleeping Computer, the breach could affect up to 275 million individuals across nearly 9,000 schools worldwide.

Instructure confirmed the cybersecurity incident on May 2 on their official website.

“We are providing an update on the security incident we advised you of yesterday. While our investigation continues alongside our outside forensics experts, at this stage we believe the incident has been contained,” the company said.

So far, Instructure says the exposed information only includes names, email addresses, student ID numbers and messages between users.

The company said there is no evidence (for now) that highly sensitive data such as passwords, financial details, or government identifiers were compromised.

“While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users,” Instructure explained. “At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions. “

What has Instructure done so far?

In response to the incident, Instructure says it has:

  • Deployed security patches
  • Increased system monitoring
  • Rotated application keys
  • Required customers to reauthorize API access

The company is also working with cybersecurity experts and law enforcement as the investigation continues.

What should users do now?

Even if the full scope of the breach remains unclear, users and institutions should act with caution and proactively.

Here are a few immediate steps worth taking:

Check if your institution has issued a notice
Universities and schools are typically responsible for notifying affected users.

Be mindful of suspicious messages
Exposed email addresses can quickly be used in targeted scams, crafting messages that appear to come from your school, teachers, or classmates. These messages may reference real classes, conversations, or deadlines to feel more convincing. Be cautious about any unexpected requests, especially if they ask you to click links, download files, or share sensitive information. If something seems unusual, verify it independently by contacting the sender through an official channel, not by replying directly to the message.
Additionally, you can double-check it with Bitdefender Scamio, our free scam detector. For links, use the Bitdefender Link Checker to see if a URL is safe before clicking.

Update passwords (even if not exposed)
It’s a good precaution, especially if you reuse passwords across platforms.

Monitor your digital footprint
Services like Bitdefender Digital Identity Protection help track whether your data appears in known data breaches and alert you early if your information is exposed. It continuously monitors your digital footprint, including email addresses and other personal data, and notifies you if it shows up in newly leaked databases. This kind of early warning allows you to be proactive in changing your passwords, securing accounts, and reducing the risk of follow-up attacks like phishing or identity theft.