FBI warns students and staff that ShinyHunters may come knocking after Canvas breach

INDUSTRY NEWS 3 min read FBI warns students and staff that ShinyHunters may come knocking after Canvas breach Graham CLULEY May 20, 2026 Promo Protect all your devices, without slowing them down. Free 30-day trial When the FBI puts out a public service announcement that deliberately appears to avoid naming the company at the centre of the story, you can usually work out which one it is... On 15 May 2026, the FBI's Internet Crime Complaint Center (IC3) issued an advisory about the ShinyHunters extortion gang that recently breached "an online Learning Management System" used by educational institutions across the United States. The advisory doesn't say the platform that was hacked was Canvas, and that the company concerned was Instructure. Frankly, it didn't need to. The security breach was not just big news on cybersecurity blogs, it made headlines worldwide. On 12 May, Instructure quietly confirmed it had reached "an agreement" with the attackers, who apparently had helpfully provided "digital confirmation of data destruction (shred logs)." In short, Instructure paid the ransom. There are a few possible problems with paying an extortion gang and trusting that they will honour the deal. One of the big problems is that it requires you to trust an extortion gang. And I supposed that's why the FBI wrote its PSA. It's a polite reminder to everyone (whether they be students, parents, or staff) that their data may still be out there - and that it might be sensible to be braced to the possibility that criminals could prove not to be trustworthy - and start putting the stolen information to work. For instance, ShinyHunters or their cybercriminal counterparts could use the potentially sensitive personal information to harras innocent parties caught up in the breach through no fault of their own. As the FBI warns, in an attempt to extort money ShinyHunters "commonly use harassment strategies, sending threatening text messages and phone calls to victims and their family members, and in some cases, swatting." Furthermore, extortionists might falsely claim to have access to compromising information, such as embarrassing photographs or videos of victims. And then there is always the possibility of spearphishing campaigns, where hackers can disguise their poisoned messages through the use of stolen student IDs, professors' names, or snippets of private messages that were stolen in the breach. The FBI advises that victims do not engage with anyone claiming to hold their data for ransom, and wait for official guidance from their educational establishment to learn what details may have been compromised. Furthermore, users are advised to not click on suspicious links or unsolicited attachments, and to enable multi-factor authentication where possible to harden the security of their accounts. Every successful ransom payment writes a sales pitch for the next attack, and ShinyHunters — already linked to incidents at Ticketmaster, the University of Pennsylvania, Princeton, Harvard, Infinite Campus, and McGraw Hill — will not be stopping any time soon. For students caught in the middle: assume your data is out there, treat every unexpected message with suspicion, and don't let anyone panic you into paying, clicking, or replying. The criminals are counting on your fear. Don't give it to them. There is, of course, no certainty that ShinyHunters (or any other criminal) will attempt to exploit the information seized by hackers during the Canvas/Instructure breach - but it would it would be wise to consider the possibility, and ensure that defensive measures are properly adopted. And that advice also goes to other "online learning management systems" and educational establishments. Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. TAGS industry news AUTHOR Graham CLULEY Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s. View all posts RIGHT NOW TOP POSTS SCAM HOW TO Scammer phone number lookup. How to check if a phone number is a scam April 19, 2024 SCAM DIGITAL PRIVACY HOW TO How scammers gain access and hack your WhatsApp account and what you can do to protect yourself May 01, 2024 INDUSTRY NEWS MOBILE SECURITY Apple Sends Urgent Security Alert to iPhone Lock Screens — Here’s Why You Shouldn’t Ignore It March 30, 2026 INDUSTRY NEWS How any Instagram account could be hacked in less than 10 minutes July 15, 2019 FOLLOW US ON SOCIAL MEDIA YOU MIGHT ALSO LIKE INDUSTRY NEWS SCAM Crypto ATM Scams Keep Growing as Americans Lose Millions, FBI Warns Filip TRUȚĂ May 20, 2026 4 min read INDUSTRY NEWS FBI warns students and staff that ShinyHunters may come knocking after Canvas breach Graham CLULEY May 20, 2026 3 min read INDUSTRY NEWS SCAM Scam Centers Are Feeling the Heat – INTERPOL Makes 201 Arrests in the MENA Region Filip TRUȚĂ May 19, 2026 5 min read BOOKMARKS You have no bookmarks yet. Tap to read it later.