ShinyHunters’ Instructure Canvas LMS and Vimeo Breaches Impact Millions of Users

The infamous hacking group ShinyHunters has targeted two major technology firms, putting the personal details of millions of students and professionals at risk. The breaches hit Instructure, the US-based parent company behind the popular Canvas learning platform, and the video-hosting site Vimeo. Hackread.com has obtained the full list of affected institutions impacted by the Instructure data breach, and it is massive, indicating the vast scale of the theft and impacting around 15,000 institutions across the UK, Europe, and the US. Millions of Student Records Stolen from Canvas The attack on Instructure began on 30 April 2026. The company confirmed on 1 May that hackers exploited a vulnerability to gain access, forcing the company to shut down parts of its service, including Canvas Data 2 and Canvas Beta. This, in turn, caused problems for schools’ third-party integrations and external apps that rely on API keys (digital connectors) to function. “While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users.” “At this time, we have found no evidence that passwords, dates of birth, government
Read More