Canvas is down as ShinyHunters threatens to leak schools’ data

Canvas 平台宕机，黑客组织 ShinyHunters 威胁泄露学校数据

A massive outage of the learning platform started with a ransom message claiming to be from the ShinyHunters hacking group. 该学习平台发生大规模宕机，起因是一条自称来自黑客组织 ShinyHunters 的勒索信息。

The Instructure-owned learning management platform, Canvas, is down after recently confirming a massive data breach that impacted student names, email addresses, ID numbers, and messages. Students attempting to access the system on Thursday saw a message from the hacking group ShinyHunters, which claimed responsibility for the attack: 在确认发生大规模数据泄露事件（影响了学生姓名、电子邮件地址、ID 号码和消息）后，Instructure 旗下的学习管理平台 Canvas 目前处于宕机状态。周四尝试访问该系统的学生看到了一条来自黑客组织 ShinyHunters 的信息，该组织声称对此次攻击负责：

ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some “security patches.” If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked. ShinyHunters（再次）入侵了 Instructure。他们没有联系我们解决问题，而是无视我们并进行了一些“安全补丁”修复。如果受影响名单中的任何学校有兴趣阻止其数据被发布，请咨询网络咨询公司，并通过 TOX 私下联系我们协商解决方案。你们必须在 2026 年 5 月 12 日结束前完成，否则所有数据都将被泄露。

The message included a link to a list of schools ShinyHunter claims to have breached through Canvas. The platform’s status page says Canvas, Canvas Beta, and Canvas Test are currently unavailable and that it is investigating the outage. 该信息中包含一个链接，指向 ShinyHunters 声称通过 Canvas 入侵的学校名单。该平台的状态页面显示，Canvas、Canvas Beta 和 Canvas Test 目前均无法使用，公司正在调查此次宕机事件。

Instructure said last week that it “deployed patches to enhance system security” following the breach. ShinyHunters — which has claimed responsibility for attacks on Ticketmaster, AT&T, Rockstar Games, ADT, and Vercel — said its data leak site contains 9,000 schools, including data belonging to 275 million students, teachers, and other staff, according to Bleeping Computer. Instructure 上周表示，在泄露事件发生后，他们已“部署补丁以增强系统安全性”。据 Bleeping Computer 报道，ShinyHunters（曾声称对 Ticketmaster、AT&T、Rockstar Games、ADT 和 Vercel 的攻击负责）表示，其数据泄露网站包含 9,000 所学校的信息，其中包括属于 2.75 亿名学生、教师和其他员工的数据。