Popular Posts

Shocking: Canvas Suddenly Halts Data Delivery—Here’s What You Must Know

Shocking: Canvas Suddenly Halts Data Delivery—Here’s What You Must Know

Canvas Data Breach Update: Why Instructure Paused Sending Stolen User Info

What Happened With Canvas and the Hackers?

Imagine a big online classroom tool called Canvas (like a digital school notebook system). It is owned by a company named Instructure.

  • Two months ago, Instructure made a deal with hackers. The goal was to rescue huge piles of stolen user data.
  • Now, Instructure has paused sending out that breach-related data. Why? Because a helper company they were using to send the data might have a security problem.

Important Point: Instructure itself has NOT been hacked again. The possible threat is with a separate third-party delivery service, not Instructure’s own systems.

The Original Hack (May)

Back in May, a bad group called ShinyHunters (think of them as digital burglars) broke into Canvas two times.

  • They say they grabbed personal info from 275 million people across 9,000 schools and organizations.
  • The stolen info included:
    • Names
    • Email addresses
    • Student ID numbers
    • User messages
  • The company checked and said they saw no proof that these were taken:
    • Passwords
    • Birth dates
    • Government ID numbers (like Social Security numbers)
    • Money/financial info

What Instructure Promised

After the hack, Instructure’s boss (CEO Steve Daly) said they would:

  1. Be open and honest about what happened.
  2. Tell K–12 schools and colleges what they knew as fast as they safely could.
  3. Do a careful detective-style review (called a “forensic review”) of the stolen data.

For two months, they worked on that review.

The Plan to Send Data (And the Pause)

  • On Tuesday, Instructure was supposed to send the first batch of breach info to schools.
  • Instead, Steve Daly said they are pausing the sending.
  • Reason: The outside platform they picked to deliver the data (a service called ShareFile) might have faced its own security threat.
  • Originally, schools were going to get the info through a special safe link from ShareFile, sent only to each school’s security contact.

Daly told customers (including the 41% of North American colleges that use Canvas):

  • Your data is still safe with us.
  • We will only send it when we are sure the delivery platform is safe.
  • Security comes first—we will check the platform or find a different one.

Important Point: The data about the breach is still secure at Instructure. They are just being careful about how they hand it over.

Summary

Instructure (owner of Canvas) got hacked by ShinyHunters in May, affecting millions of users. Two months later, while trying to share details with schools through a third-party tool (ShareFile), they spotted a possible security issue with that tool and paused the delivery. Instructure itself was not breached again, and user data remains safe while they figure out a secure way to send it.

FAQ

1. Was Instructure hacked again?
No. Instructure has not been breached again. The possible threat is with a third-party delivery platform they were using.

2. What kind of info did the hackers steal in May?
Names, emails, student ID numbers, and messages. Passwords, birth dates, government IDs, and financial info were not found to be taken.

3. Why did they pause sending the data?
Because the outside service (ShareFile) they chose to send the data may have had a security threat, and they want to be careful.

4. Is my Canvas data safe right now?
Instructure says the data remains secure with them and they will only deliver it once the delivery method is confirmed safe.

Leave a Reply

Your email address will not be published. Required fields are marked *