Instructure Pays ShinyHunters Ransom to Little Likely Return

Hackers Constantly Break 'Confirmation of Data Destruction' Promises Mathew J. Schwartz (euroinfosec) • May 13, 2026

A hacker disruption of online learning platform Canvas during final exam season has now arguably become even worse after developer Instructure Holdings paid digital extortionists money in exchange for a putative vow to delete stolen data.

See Also: AI Impersonation Is the New Arms Race-Is Your Workforce Ready?

Utah-based Instructure Holdings develops free and paid versions of the online learning platform and counts more than 30 million active instructor and student users. "Instructure reached an agreement with the unauthorized actor involved in this incident," it said in a Monday apology, without revealing how much it paid.

After breaching Instructure earlier this month, cybercriminal extortion group ShinyHunters raised the stakes by hitting the company's infrastructure again on Thursday, redirecting Canvas's K-12 and higher-education students and educators worldwide to a signed ransom note ...