惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

雷峰网
雷峰网
Security Archives - TechRepublic
Security Archives - TechRepublic
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Last Week in AI
Last Week in AI
博客园 - 司徒正美
阮一峰的网络日志
阮一峰的网络日志
WordPress大学
WordPress大学
爱范儿
爱范儿
J
Java Code Geeks
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research
人人都是产品经理
人人都是产品经理
宝玉的分享
宝玉的分享
博客园 - 【当耐特】
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Help Net Security
Help Net Security
Hacker News: Ask HN
Hacker News: Ask HN
月光博客
月光博客
S
Secure Thoughts
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 聂微东
Hugging Face - Blog
Hugging Face - Blog
V
Visual Studio Blog
博客园 - 三生石上(FineUI控件)
O
OpenAI News
酷 壳 – CoolShell
酷 壳 – CoolShell
N
News and Events Feed by Topic
腾讯CDC
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Webroot Blog
Webroot Blog
博客园 - Franky
有赞技术团队
有赞技术团队
美团技术团队
Jina AI
Jina AI
S
Security @ Cisco Blogs
博客园 - 叶小钗
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园_首页
C
CERT Recently Published Vulnerability Notes
T
Threat Research - Cisco Blogs
Project Zero
Project Zero
A
Arctic Wolf
大猫的无限游戏
大猫的无限游戏
Latest news
Latest news
小众软件
小众软件
IT之家
IT之家
S
Security Affairs

Latest news

Why I'm recommending last year's phones over 2026 models - with one exception This powerful Gemini setting made my AI results way more personal and accurate After testing this HP laptop, I get why its 'boring' design is adored by business users The best TV antenna of 2026: Expert tested Your old iPad or Android tablet can be your new smart home panel - here's how Apple's original AirTag still tracks effectively, and you can get a 4-pack for its best price ever How to qualify for Apple's education discount - and get a $499 MacBook Neo for school T-Mobile will give you a Samsung Galaxy Watch 8 for free - how to get yours Prolonged AI use can be hazardous to your health and work: 4 ways to stay safe Verizon will give you a free iPad or Apple Watch with your next iPhone - how the deal works The best laptops of 2026: Expert tested and reviewed I hid 4 Bluetooth trackers (including AirTags) to test their reliability - here's how Android rivals compared I stopped using my iPhone's hotspot after testing this 5G router - and that won't change The best Kindles in 2026: Expert recommended Does Best Buy price match? Everything to know about matching prices online and in-store The best WordPress hosting services of 2026: Expert tested and reviewed The best Apple Watch of 2026: Expert tested and reviewed The best TV screen cleaners of 2026: Expert recommended The best 50-inch TVs of 2026: Expert tested I traded my Sonos Era 300 for Denon's new home speaker - and see no reason to go back AI-powered website builders have come a long way - here's your best option in 2026 Amazon just slashed $250 off the Google Pixel 10 - and a Prime subscription isn't required I found the apps slowing down my PC - how to kill the biggest memory hogs These companies are actually upskilling their workers for AI - here's how they do it Verizon will give you Meta Ray-Bans for free with this Fios Internet deal - how to get yours I tried the new Gemini app for Mac - it has one major advantage over the web version How Google's updated AI Mode will ease your tab clutter when you search Why this MagSafe battery pack is our readers' favorite model right now - especially at its price T-Mobile will give you a Google Pixel 10a for free - plus an extra gift OpenAI's Codex Desktop can run your computer now - and has its own browser Want to build a startup that gets acquired? This founder shares 5 proven tips Google to pay $135M settlement to Android phone users - how to claim your share if you qualify Want to stand out on LinkedIn? Try this career strategist's top 3 tips for strengthening your profile I've used Dell's new XPS 16 for a week, and it's the Windows laptop to beat in 2026 You can get 50% off YouTube Premium for 1 year right now - but the deal ends soon Tidal vs. Qobuz: I tried both hi-res streaming services, and they couldn't be more different This stroller turns into a carry on-suitcase, and I recommend it for traveling parents The best small business VoIP providers of 2026: Expert tested and reviewed Protect your devices with our pick for the best antivirus software, now over 60% off MacBook Neo vs. Surface: Why spiraling RAM prices are bruising Microsoft's PC business but not Apple's I tried Google's new desktop app for Windows, and I'll never search the old way again Microsoft's Windows 11 laptop deal for students comes with a $500 bonus - what's included You can buy an LG B5 OLED for $1,500 off at Best Buy - and it comes with a free 4K TV Why Zorin OS 18.1 is simply the best Linux distro - for anyone Why Netgear just got the first FCC router ban exemption in the US Microsoft's latest Windows update now confirms if your PC is Secure Boot-protected - how it works Can this $70 Linux app make up for the lack of Photoshop? I tried it to find out 'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source iPhone charging slowly? 6 quick fixes to try before blaming your battery Roku TV vs. Fire Stick: Why I'm looking beyond streaming resolution when comparing the two AI is getting better at your job, but you have time to adjust, according to MIT The best internal communication tools of 2026: Expert tested and reviewed Half of all US employees use AI at work now - and waste almost 8 hours a week doing it The latest Google Home update brings Gemini fixes that I'm actually excited to try again I've been subscribed to a data removal service a month now - what I wish I knew sooner You can use Linux 7.0 on these 7 distros today - here's what to expect How I share audio from my Android phone to multiple earbuds (and why it's a big deal) Why the Apple Watch's 20-minute calibration test is worth your time - especially if you're data curious Meta is selling refurbished Ray-Bans for as low as $197 right now - but they're going fast Setting a MagSafe charger on my nightstand was the iPhone upgrade I didn't know I needed I swapped my Sony WH-1000XM6 for lower-end JBL headphones, and they still sounded great I tested ChatGPT Plus vs. Gemini Pro to see which is better - and if it's worth switching I used the 'Plus Five' rule to fix my iPhone's slow wireless charging - here's how it works The new rules for AI-assisted code in the Linux kernel: What every dev needs to know 'Job seekers have to be detectives': 3 signs that listing is a scam How the latest Netrunner distro delivers a Linux productivity powerhouse This Linux distro offers an easy DNS switcher - but there's more to it that I like I tested Artix Linux: An enjoyable systemd-free distro for experienced users (and ChromeOS speeds) I spent two years testing wind power at home - here's why solar is still my preferred source I camera-tested the Samsung Galaxy S26 Ultra with Oppo and Xiaomi - this model won it for me How I boosted my portable solar panels' power by up to 30% - 11 expert-approved tips I see why Ubuntu 26.04 is more than just a performance bump for thrill-seeking gamers France is ditching Windows for digital sovereignty - and its new Linux stack is taking shape KDE Linux is the purest form of Plasma I've used in months - but there's a catch LG C6 vs. LG C5: Why the 2025 model is still the smarter OLED TV model buy for me How I disabled 'fast startup' on my Windows 11 laptop to stop overnight battery drain 30 years later, I returned to Enlightenment Linux to test the Elive beta - and it's much better Here's my favorite email trick for cleaning up inbox clutter - automatically The $30 Google TV stick may be the budget Chromecast successor we've been waiting for The best AR and MR glasses in 2026: Expert tested and reviewed This handy electric screwdriver is now 50% off - here's where to snag the deal This Ryobi yard essentials bundle packs a free power tool - how to get yours After trying these boomless headphones in the office, I'm feeling hopeful for the future of work tech I used this EcoFlow battery to run my 3,000-sq-ft home in a blackout - here's how it kept my AC on Microsoft's Windows Insider Program is no longer a confusing mess Forget Shokz: I tried the Suunto Spark earbuds for a month, and they've sold me on air conduction iOS 26.4 brings essential upgrades to your iPhone - including a vital security fix YouTube Premium is getting a price increase in June - but you can save $32 with one change Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now I walked 3,000 steps with my Apple Watch, Google Pixel, and Oura Ring - this tracker was most accurate I stopped guessing which AA batteries are dead - this charging station keeps them in check for me My favorite Android Auto find is these hidden shortcuts that are highly customizable AirDrop is coming to older Samsung phones - is yours supported? How to get it early I'm no longer using Google Photos as just a cloud storage - 5 tools that elevate the app The best data removal services of 2026: Expert tested and reviewed The best Samsung TVs of 2026: Expert tested and reviewed The best mobile scanning apps of 2026: Expert tested and reviewed The best HP laptops of 2026: Expert tested and reviewed After using Lenovo's new Yoga laptop, I'm wondering if Windows makers are running out of ideas Samsung S95H vs. Samsung S95F: I compared the OLED TVs and wasn't prepared for the upset
Worried about the nationwide Canvas data breach? Take these 6 steps now
2026-05-09 · via Latest news
abstractdatasgettyimages-2256422659
Outflow Designs/ iStock / Getty Images Plus via Getty Images

Follow ZDNET: Add us as a preferred source on Google.


ZDNET's key takeaways

  • Canvas was disrupted this week by a cyberattack.
  • Many students are unable to access the popular educational portal.
  • Instructure says data was stolen; what Canvas users should do next.

Canvas is at the center of an ongoing cyberattack and data extortion attempt by a well-known cybercriminal group that claims to have stolen student records. If you are a Canvas user, you can take defensive measures now.

Also: No one pays ransomware demands anymore - so attackers have a new goal

What is Canvas?

Canvas is a Learning Management System (LMS) from Instructure, a Salt Lake City-based educational technology company founded in 2008.

Designed for remote learning, Canvas has been adopted by thousands of schools for course creation and management, grading, feedback, and coursework submission. Instructure says the LMS now supports tens of millions of users -- students and parents -- and has recorded 27 million mobile app downloads. Canvas is available in over 100 countries. 

What happened?

While Canvas boasts a 100% uptime notice on its website, Instructure CISO Steve Proud said last week that the LMS had "recently experienced a cybersecurity incident perpetrated by a criminal threat actor."

The company began investigating. On May 6, Proud said the company believed the incident had been "contained," but some data may have been exposed -- and it didn't take long for students to begin reporting login issues.

Also: The shadowy SIM farms behind those incessant scam texts - and how to stay safe

On Thursday, May 7, Canvas login interfaces were defaced, with ransom notes reportedly posted by the ShinyHunters group as it moved from data theft to public extortion. Students who tried to log in were unable to access their course materials, likely a deliberate attempt by the cyberattackers to put pressure on Instructure to pay up, with finals just around the corner. 

In response, Canvas displayed a maintenance mode page, an action that had drawn criticism

The hackers' ransom note, which has since circulated online, demands that Instructure contact the group by May 12. 

"ShinyHunters has breached Instructure (again)," the note reads. "Instead of contacting us to resolve it, they ignored us and did some 'security patches.'"

While access has reportedly been restored for most users, with the deadline approaching, this may not be the end of the story.

What is ShinyHunters?

ShinyHunters is a collective of cybercriminals that extorts companies for payment. Since making headlines in 2020 with a swathe of company breaches, ShinyHunter's modus operandi is to quietly infiltrate a target business, steal information, and then publicly pressure the victim into paying a "settlement."

Also: The best free VPNs: Expert tested and reviewed

Often associated with large-scale breaches, ShinyHunters, like many other cybercriminal groups, operates a "leak site." Leak sites are public-facing websites that list alleged victims and the items stolen, and often include a demand for payment. 

If a victim fails to comply, the information stolen from them may be published. Having the victim's name removed from the leak site may also be part of negotiations. 

What information was stolen?

ShinyHunters has threatened to leak data on approximately 275 million students from 8,800 academic institutions if its demands are not met. 

Also: I'm a tech professional, and an AI job scam almost fooled me - here's how I caught on

According to Instructure, exposed data may include:

  • Names
  • Email addresses
  • Student ID numbers
  • Messages between users

"At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved," Instructure said. "If that changes, we will notify any impacted institutions."

Instructure's response

It is not known whether Instructure has communicated with ShinyHunters. Instructure said it is currently "not seeing any ongoing unauthorized activity."

Also: This critical Linux vulnerability is putting millions of systems at risk - how to protect yours

The company has revoked privileged credentials and access tokens associated with affected systems, deployed security patches -- although no associated vulnerability disclosures have been made yet -- and rotated security keys. Instructure said it has also ramped up monitoring across its platforms. 

"As a precaution, we recommend customers follow security best practices, including enforcing MFA on privileged accounts, reviewing admin access, and rotating API tokens or keys where applicable," the company added. 

6 steps to take immediately

  1. School updates: As this security incident appears to affect thousands of schools and academic institutions, reach out to your institution or visit its website and communication channels for updates. 
  2. Passwords: Whenever you suspect you have been involved in a data breach, the first thing you should do is to change the password you use to access your account. If you are using the same password to access other online services, change those passwords as well.  If the ransomware group releases stolen data and manages to grab credentials, those credentials may be made public. You should consider using a password manager to create complex passwords and to receive leak alerts. 
  3. Have I Been Pwned: It's too early for this data breach and any subsequent data leak to be recorded on Have I Been Pwned, but we recommend visiting this website frequently to check whether you have been involved in any online data breaches. It's free, and all you need to do is search with your email address. 
  4. Enable 2FA/MFA: If you have not already done so, enable two-factor or multi-factor authentication on your associated accounts. 
  5. Keep an eye on your email: If Canvas follows appropriate procedures, it should inform users if their information has been exposed -- keep an eye out for any updates. 
  6. Watch out for phishing: However, if stolen email addresses or contact details are leaked online, they may be used in targeted phishing campaigns, so be careful if you receive correspondence that appears to be from your school or Canvas itself. If there are any indications of a phishing attempt -- such as strange grammar, spoofed email addresses, or requests to click unofficial links or open attachments -- verify it by phone or another means first. 

Also: These 5 critical Windows Defender settings are off by default - turn them on ASAP 

We reached out Instructure for comment and a spokesperson shared this statement: 

Yesterday, Instructure discovered the unauthorized actor involved in our ongoing security incident made changes to the pages that appeared when some students and teachers were logged in. Out of an abundance of caution, we immediately took Canvas offline to contain access and further investigate. We have confirmed that the unauthorized actor exploited an issue related to our Free-For-Teacher accounts. As a result, we have made the difficult decision to temporarily shut down our Free-For-Teacher accounts. This gives us the confidence to restore access to Canvas, which is now fully back online and available for use. We regret the inconvenience and concern this may have caused