{"id":3489826,"date":"2026-05-07T20:59:09","date_gmt":"2026-05-07T20:59:09","guid":{"rendered":"https:\/\/techingeek.com\/index.php\/2026\/05\/07\/hackers-alter-school-login-pages-following-claims-of-another-instructure-breach\/"},"modified":"2026-05-07T20:59:09","modified_gmt":"2026-05-07T20:59:09","slug":"hackers-alter-school-login-pages-following-claims-of-another-instructure-breach","status":"publish","type":"post","link":"https:\/\/techingeek.com\/index.php\/2026\/05\/07\/hackers-alter-school-login-pages-following-claims-of-another-instructure-breach\/","title":{"rendered":"Hackers alter school login pages following claims of another Instructure breach."},"content":{"rendered":"
<\/div>\n
\n

On Tuesday, the education technology leader Instructure revealed a data breach in which hackers accessed students\u2019 sensitive information, such as their names, personal email addresses, and communications exchanged between teachers and students.\u00a0<\/p>\n

It seems that hackers have once again managed to infiltrate Instructure \u2014 this time defacing the login pages of multiple schools using the company\u2019s Canvas platform, designed for schools to oversee coursework and assignments while communicating with students.\u00a0<\/p>\n

TechCrunch observed a message from the cybercrime group ShinyHunters displayed on the Canvas login pages of three individual schools. An examination of the altered sites revealed that the hackers inserted an HTML file which modified the login interface to present their message.<\/p>\n

The message indicates that the hackers plan to release the stolen information on May 12 if the company fails to \u201cnegotiate a settlement.\u201d<\/p>\n

At the time of this writing, Instructure\u2019s website seemed to be partially operational, frequently returning a \u201ctoo many requests\u201d error. The Canvas portal issued a notice stating it was \u201ccurrently undergoing scheduled maintenance.\u201d<\/p>\n

Instructure did not promptly respond to TechCrunch\u2019s inquiry for a comment.<\/p>\n

ShinyHunters had previously taken responsibility for the initial breach, advertising it on its leak site \u2014 a platform utilized by hackers to publish stolen data and coerce victims into paying ransoms \u2014 as a means to extort Instructure into paying to prevent the information from becoming public. This evident new breach, along with the hackers\u2019 decision to inform TechCrunch about the defaced login pages, suggests that they are intensifying pressure on Instructure and its clients, aiming to compel them to acquiesce to the hackers\u2019 demands.\u00a0\u00a0<\/p>\n

It remains uncertain how the hackers succeeded in compromising the login pages. When questioned, a representative from ShinyHunters informed TechCrunch that they could not provide specifics but noted that this constitutes a second, distinct breach.<\/p>\n

Following the initial breach at Instructure, the hackers claimed to have pilfered data from nearly 9,000 schools globally, with the stolen files purportedly containing information on 231 million individuals.\u00a0<\/p>\n

The group has affected countless victims over the past couple of years, adhering to the same financially incentivized strategy: hack, publicize, and extort.\u00a0<\/p>\n<\/div>\n

When you purchase through links in our articles, we may earn a small commission. This doesn\u2019t affect our editorial independence.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/div>\n
\n

On Tuesday, the education technology leader Instructure revealed a data breach in which hackers accessed students\u2019 sensitive information, such as their names, personal email addresses, and communications exchanged between teachers and students.\u00a0<\/p>\n

It seems that hackers have once again managed to infiltrate Instructure \u2014 this time defacing the login pages of multiple schools using the company\u2019s Canvas platform, designed for schools to oversee coursework and assignments while communicating with students.\u00a0<\/p>\n

TechCrunch observed a message from the cybercrime group ShinyHunters displayed on the Canvas login pages of three individual schools. An examination of the altered sites revealed that the hackers inserted an HTML file which modified the login interface to present their message.<\/p>\n

The message indicates that the hackers plan to release the stolen information on May 12 if the company fails to \u201cnegotiate a settlement.\u201d<\/p>\n

At the time of this writing, Instructure\u2019s website seemed to be partially operational, frequently returning a \u201ctoo many requests\u201d error. The Canvas portal issued a notice stating it was \u201ccurrently undergoing scheduled maintenance.\u201d<\/p>\n

Instructure did not promptly respond to TechCrunch\u2019s inquiry for a comment.<\/p>\n

ShinyHunters had previously taken responsibility for the initial breach, advertising it on its leak site \u2014 a platform utilized by hackers to publish stolen data and coerce victims into paying ransoms \u2014 as a means to extort Instructure into paying to prevent the information from becoming public. This evident new breach, along with the hackers\u2019 decision to inform TechCrunch about the defaced login pages, suggests that they are intensifying pressure on Instructure and its clients, aiming to compel them to acquiesce to the hackers\u2019 demands.\u00a0\u00a0<\/p>\n

It remains uncertain how the hackers succeeded in compromising the login pages. When questioned, a representative from ShinyHunters informed TechCrunch that they could not provide specifics but noted that this constitutes a second, distinct breach.<\/p>\n

Following the initial breach at Instructure, the hackers claimed to have pilfered data from nearly 9,000 schools globally, with the stolen files purportedly containing information on 231 million individuals.\u00a0<\/p>\n

The group has affected countless victims over the past couple of years, adhering to the same financially incentivized strategy: hack, publicize, and extort.\u00a0<\/p>\n<\/div>\n

When you purchase through links in our articles, we may earn a small commission. This doesn\u2019t affect our editorial independence.<\/em><\/p>\n","protected":false},"author":2,"featured_media":3489827,"comment_status":"open","ping_status":"closed","sticky":false,"template":"Default","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3489826","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts\/3489826"}],"collection":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/comments?post=3489826"}],"version-history":[{"count":0,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts\/3489826\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/media\/3489827"}],"wp:attachment":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/media?parent=3489826"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/categories?post=3489826"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/tags?post=3489826"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}