Canvas owner reaches agreement with ShinyHunters, says user data was deleted

📅 12 May 2026 at 13:55 UTC📰 Cyber InsiderView original source ↗

Instructure says it reached an agreement with the threat actors behind the recent cyberattack targeting its Canvas learning platform. The company stated that stolen data was returned and that the attackers provided “digital confirmation of data destruction.” The attack was previously linked to the ShinyHunters extortion group after attackers publicly claimed responsibility for the breach … The post Canvas owner reaches agreement with ShinyHunters, says user data was deleted appeared first on CyberInsider.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

Instructure reached an agreement with the ShinyHunters extortion group, returning stolen data and deleting logs in exchange for ceasing extortion requests, mirroring a common ransom payment arrangement.

⚙️Technical Details

Affected Systems

Canvas learning platform

Attack Vectors

exploitation of vulnerability tied to the company's 'Free for Teacher' support ticket systemunauthorized access to portions of Instructure's environment

💥Impact Assessment

Severity: critical

🛡️Recommended Actions

1Monitor for suspicious activity on Canvas login portals

2Implement additional security measures to prevent similar breaches

3Regularly review and update support ticket systems

📦Affected Products

Canvas learning management system

Read the full article

This is a curated summary. The complete article is available at Cyber Insider.

Read on Cyber Insider ↗

← Back to feed