Across the world, access to the Canvas system was interrupted with a message from a criminal extortion group called “ShinyHunters.” It advised affected schools that if they did not want the platform’s data released, it demanded a negotiated settlement.
“ShinyHunters has breached [Canvas’ parent company] Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches,’” the statement read. “You have till the end of the day by 12 May 2026 before everything is leaked.”
According to a Friday morning social media post, the University of Oklahoma said Canvas is quote, “currently restored,” however, some features may remain unavailable. It instructs faculty and students to download important materials while they are available.
“We recognize this disruption has occurred during final exams and end-of-semester coursework,” the statement said. “We continue to monitor the situation and are currently working to develop contingency plans if Canvas goes offline again.”
Mack Burke, spokesperson for Oklahoma State University, said the university has extended the deadline for final grade submissions and encourages faculty to download their Canvas gradebooks as a precaution. Spring commencement ceremonies will continue as scheduled.
Canvas’ parent company, Instructure, said on its website the platform is now available again for most users.
According to the company, it detected “unauthorized activity” in Canvas on April 29. It revoked the party’s access and started an investigation. Thursday, it identified more unauthorized activity it said was tied to the same incident. In response, Instructure put Canvas into maintenance mode.
Based on its investigation, Instructure said data taken on April 29 included names, email addresses, student ID numbers and messages. It has not found evidence of data taken during the May 7 attack.
It said the unauthorized user exploited an “issue” in its Free-For-Teacher accounts, which allows teachers to build courses and assignments without a school needing to be a customer. The Free-For-Teacher accounts are now temporarily shut down.
Instructure said it has engaged a third-party forensic firm, notified law enforcement and made several changes to website security.
“As we respond to this incident, we’re focused on three things: completing a rigorous investigation, communicating verified information to impacted customers, and continuing to strengthen the safeguards that protect customer and student data,” the statement said. “Trust is earned through actions and we’re committed to earning yours.”
StateImpact Oklahoma is a partnership of Oklahoma’s public radio stations which relies on contributions from readers and listeners to fulfill its mission of public service to Oklahoma and beyond. Donate online.
