On May 7th, 2026, Canvas, the widely used platform by thousands of schools and universities, was offline due to a cyberattack, creating chaos as students tried to study for finals which emphasized education’s dependence on technology.
The problem began on April 29th, 2026, when Instructure detected “unauthorized activity in Canvas.” Instructure explained the unauthorized party accomplished this by exploiting an issue related to their Free-For-Teacher accounts. Due to this, they made the decision to temporarily shut down Free-For-Teacher accounts. Data taken in this original incident included personal information of users at affected organizations, including names, email addresses, student ID numbers, and messages among Canvas users.
According to a statement posted to its website, “We immediately revoked the unauthorized party’s access, started an investigation, and engaged outside forensic experts. On May 7, 2026, we identified additional unauthorized activity tied to the same incident.” The statement continued, “The unauthorized actor made changes to the pages that appeared when some students and teachers were logged in through Canvas. Out of caution, we temporarily took Canvas offline into maintenance mode to contain the activity, investigate, and apply additional safeguards.”
The hacking group dubbed “ShinyHunters,” who have also claimed responsibility for attacks on Ticketmaster, AT&T, Rockstar Games, ADT, and Vercel, claimed responsibility for the breach. Luke Connolly, a threat analyst at the cybersecurity firm Emsisoft described “ShinyHunters” as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom.
ShinyHunters sent out a statement which said the following, “ShinyHunters has breached Instructure [again]. Instead of contacting us to resolve it, they ignored us and did some “security patches.” If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by May 12th, 2026 before everything is leaked.”
They went on to say that their data leak site contains 9,000 schools, including data belonging to 275 million students, teachers, and other staff.
The outage left thousands of students and educators unable to access its services and scramble during a critical period of the school year, as many were finishing finals and midterms.
What does this mean for Renton students? Well, due to the attack and attempt to secure personal information, Renton School District severed Canvas’s sync with Skyward, which contains grades and student information. Canvas has since been reinstated and the sync reconnected, but an eye should still be kept out for accurate grades.
Sources:
“Cyberattack Shutters Canvas Learning Platform for Schools across the U.S.” Cbsnews.com, 8 May 2026, www.cbsnews.com/news/cyberattack-shutters-canvas-learning-platform-for-schools-across-us/.
Haworth, Jon. “Alleged Cyberattack Temporarily Shuts down Canvas.” ABC News, 8 May 2026, abcnews.com/Technology/alleged-cyberattack-temporarily-shuts-canvas/story?id=132775879. Accessed 13 May 2026.
Ochoa, Joseph. “Hacker Group Disables Canvas for NC Students, Demands Ransom.” WRAL.com, WRAL, 7 May 2026, www.wral.com/news/education/canvas-shinyhunters-ransom-instructure-hack-data-breach-may-2026/.
Roth, Emma, and Jess Weatherbed. “Canvas Is Online Again after ShinyHunters Threaten to Leak Schools’ Data.” The Verge, 7 May 2026, www.theverge.com/tech/926458/canvas-shinyhunters-breach. Accessed 12 May 2026.
Wixey, Will. “Canvas Cyberattack Causes Outage for Millions of Users.” FOX 13 Seattle, 7 May 2026, www.fox13seattle.com/news/canvas-down-reportedly-due-cyberattack.
Ziegler, Hannah. “Canvas Online Learning Platform Disabled after Breach by Hackers.” The New York Times, 8 May 2026, www.nytimes.com/2026/05/07/education/canvas-hacked-down-data-breach.html.
