Newsgather
BackHackers steal students’ data during breach at education tech giant Instructure
Tech
TechCrunch05.05.2026Tech2 dk okumaUnited States

Hackers steal students’ data during breach at education tech giant Instructure

Pourquoi c'est important

Education tech giant Instructure has confirmed a data breach where hackers claim to have stolen students' private information, including names, personal email addresses, and messages. The hacking and extortion gang ShinyHunters claimed responsibility for the breach. This follows a pattern of cybercriminals targeting universities and cloud database companies.

Taille de police

Education tech giant Instructure has confirmed a data breach affecting students’ private information. The hacking and extortion gang ShinyHunters claimed responsibility for the breach.

The hackers claim to have stolen students’ names, their personal email addresses, and messages sent between teachers and students — the same type of data Instructure admitted was stolen.

Instructure is the latest corporate giant hacked by the ShinyHunters gang. The cybercriminals have targeted universities and cloud database companies in recent months, in efforts to steal vast amounts of people’s personal information and threaten to post the data online if the companies do not pay the hackers’ ransom.

A member of ShinyHunters shared a sample of the stolen data with TechCrunch, which included data from two schools in the United States, one in Massachusetts and one in Tennessee. In the case of the one in Massachusetts, the data included messages, which contain names, email addresses, and some phone numbers. As for the school in Tennessee, the sample included students’ full names and email addresses.

The sample did not contain passwords or the other types of data that Instructure said was unaffected by the breach.

TechCrunch is not naming the schools as they are not confirmed victims. Based on information that appears on their websites, both schools appear to use Instructure’s platform Canvas, which allows customers to manage coursework and assignments, and communicate with students.

ShinyHunters also shared a list of about 8,800 schools allegedly affected by the breach. TechCrunch could not confirm whether all the listed institutions were affected, nor whether they are Instructure customers. On its official site, Instructure says it has more than 8,000 institutions as customers.

When reached by TechCrunch, Instructure’s spokesperson Kate Holmes did not answer several questions about the incident, and instead referred to the company’s official page where it is publishing updates on the breach.

On its data leak site, where ShinyHunters claims responsibility for data breaches and attempts to pressure victims into paying a ransom, the hackers claim the breach affected close to 9,000 schools around the world, and 275 million people’s data, including students, teachers, and other staff. In an online chat, the ShinyHunters member told TechCrunch that the total unique emails included in the stolen data amount to 231 million.

Financially motivated hacking groups are known to exaggerate their claims to gather the attention of the media, as well as their victims.

Questions ouvertes

  • What specific security vulnerabilities allowed the breach?
  • What is Instructure's plan to prevent future breaches?
  • Will Instructure pay the ransom demanded by ShinyHunters?
  • How many schools and individuals are definitively confirmed to be affected?

Sujets liés

This article was originally published by TechCrunch.

Articles liés