Canvas Breach Follow-Up: Instructure Pays the Ransom — And What That Means for All of Us
When I published my original piece on the Canvas breach back on May 9th, Instructure was publicly claiming the situation was contained. It wasn’t. Since then, ShinyHunters hit Canvas a second time through the same unpatched vulnerability, defaced login pages at hundreds of institutions, and ultimately extracted a ransom payment from Instructure, the amount of which has never been disclosed. As of May 12th, 2026, the story is closed. Sort of. Here’s everything that happened and what it means. ...