Schools Compromised What Canvas Users Should Know After Reported Hack and Outage

Canvas users at schools and universities across the U.S. experienced access issues on Thursday, May 7th, following reports of a cybersecurity incident involving Instructure, the company behind the widely used learning management system. The disruption drew attention because many students and instructors rely on Canvas for assignments, grades, course materials, messages, and exams.

According to multiple reports, some users attempting to reach Canvas were unable to log in or were redirected to a message attributed to the hacking group ShinyHunters. The group claimed it had obtained data connected to thousands of schools. As of this publication, those claims have not been fully and independently verified, and officials have not confirmed the full scope of any data exposure.

Instructure said on its status page that it placed Canvas into maintenance mode while investigating login problems, Reuters reported. The company did not immediately provide a full public explanation of the incident in that report. Some schools also issued their own notices, telling students and staff that they were monitoring the situation and awaiting additional information from Canvas or Instructure.

For most users, the immediate effect is practical: temporary trouble accessing classes, assignments, grades, messages, exams, or course files. The outage occurs during final-exam periods at some colleges, resulting in adjusted deadlines, postponed exams, or the redirection of students to alternative communication channels. Users should check for and follow instructions from their own school, because Canvas access and academic deadlines are managed locally by each institution.

The bigger question is whether personal information was exposed. Reports said the hackers claimed access to names, email addresses, student identification numbers, and messages. Some school notices have said they are still reviewing what data may be involved. At this stage, users should treat broad claims about the number of affected accounts or institutions as unconfirmed unless they come from Canvas, Instructure, a school, law enforcement, or a recognized cybersecurity investigator.

There is no confirmed public indication in the available reports that every Canvas user’s password, financial data, or government identification information was exposed. Still, students, parents, teachers, and staff should be cautious. Schools may recommend password resets, extra account monitoring, or additional login protections. Users should also watch for suspicious emails or messages that appear to reference Canvas, grades, assignments, or school accounts.

The situation is likely to lead to continued updates from Instructure and affected schools as technical teams review logs, restore service, and determine what information, if any, was accessed. Schools may also issue separate guidance on coursework, grading, missed deadlines, or exams affected by the outage.

Your action item is to watch for the following: official Canvas status updates, notices from their school’s IT department, course-specific messages from instructors, and any request to reset passwords or review account activity. Until more is confirmed, users should avoid relying on screenshots or claims circulating outside official channels and should keep copies of important coursework whenever possible.