Live Wire
13:19ZPRESSTVBrazil has reportedly refused to approve the appointment of a new Israeli Consul-General in São Paulo, after…13:18ZWFWITNESSBloomberg: The United States and Iran are edging closer to signing an agreement to reopen the Strait of Hormu…13:18ZNOELREPORTUkraine plans to seek an additional $20 billion from allies at the June 18 Ramstein meeting to strengthen air…13:17ZNOELREPORTZelensky outlined Ukraine’s army reform, including higher pay, fixed service terms, new contracts and expande…13:17ZCLASHREPORSouthern Cyprus, Greece, Israel and the US launched the Eastern Mediterranean Energy Centre in Houston and ag…13:17ZMYLORDBEBOAthlete, Sergei Boytsov jumped with a parachute from 338.8m Mercury Tower, one of the tallest in Moscow in ho…13:15ZDDGEOPOLITEuropean defense stocks are sliding on funding concerns, the Financial Times reports.Investors are also shift…13:15ZMYLORDBEBOUAE, Iran hold first talks since regional war began amid normalization efforts13:19ZPRESSTVBrazil has reportedly refused to approve the appointment of a new Israeli Consul-General in São Paulo, after…13:18ZWFWITNESSBloomberg: The United States and Iran are edging closer to signing an agreement to reopen the Strait of Hormu…13:18ZNOELREPORTUkraine plans to seek an additional $20 billion from allies at the June 18 Ramstein meeting to strengthen air…13:17ZNOELREPORTZelensky outlined Ukraine’s army reform, including higher pay, fixed service terms, new contracts and expande…13:17ZCLASHREPORSouthern Cyprus, Greece, Israel and the US launched the Eastern Mediterranean Energy Centre in Houston and ag…13:17ZMYLORDBEBOAthlete, Sergei Boytsov jumped with a parachute from 338.8m Mercury Tower, one of the tallest in Moscow in ho…13:15ZDDGEOPOLITEuropean defense stocks are sliding on funding concerns, the Financial Times reports.Investors are also shift…13:15ZMYLORDBEBOUAE, Iran hold first talks since regional war began amid normalization efforts
Markets
S&P 500740 0.30%Nasdaq25,810 2.54%Nasdaq 10029,446 3.29%Dow512.52 0.62%Nikkei92.19 0.01%China 5035.25 0.97%Europe88.49 1.08%DAX42.69 0.99%BTC$63,434 0.91%ETH$1,667 1.08%BNB$606.3 1.14%XRP$1.13 1.85%SOL$66.82 2.39%TRX$0.3123 2.67%DOGE$0.087 2.60%HYPE$60.46 7.13%LEO$9.52 0.50%RAIN$0.0131 0.28%QQQ$716.8 0.04%VOO$680.32 0.31%VTI$365.62 0.36%IWM$291.58 0.40%ARKK$75.55 0.12%HYG$79.89 0.06%Gold$385.68 0.17%Silver$60.44 0.62%WTI Crude$126.8 1.58%Brent$48.58 1.12%Nat Gas$11.2 0.36%Copper$38.88 0.15%EUR/USD1.1537 0.00%GBP/USD1.3364 0.00%USD/JPY160.54 0.00%USD/CNY6.7774 0.00%S&P 500740 0.30%Nasdaq25,810 2.54%Nasdaq 10029,446 3.29%Dow512.52 0.62%Nikkei92.19 0.01%China 5035.25 0.97%Europe88.49 1.08%DAX42.69 0.99%BTC$63,434 0.91%ETH$1,667 1.08%BNB$606.3 1.14%XRP$1.13 1.85%SOL$66.82 2.39%TRX$0.3123 2.67%DOGE$0.087 2.60%HYPE$60.46 7.13%LEO$9.52 0.50%RAIN$0.0131 0.28%QQQ$716.8 0.04%VOO$680.32 0.31%VTI$365.62 0.36%IWM$291.58 0.40%ARKK$75.55 0.12%HYG$79.89 0.06%Gold$385.68 0.17%Silver$60.44 0.62%WTI Crude$126.8 1.58%Brent$48.58 1.12%Nat Gas$11.2 0.36%Copper$38.88 0.15%EUR/USD1.1537 0.00%GBP/USD1.3364 0.00%USD/JPY160.54 0.00%USD/CNY6.7774 0.00%
CLOSEDNYSEopens in 7m 58s
themonexus.
Vol. I · No. 163
Friday, 12 June 2026
13:22 UTC
  • UTC13:22
  • EDT09:22
  • GMT14:22
  • CET15:22
  • JST22:22
  • HKT21:22
← back to Saturday edition◉ LIVE ON THE WIREfollow this thread in real time
Oceania

ShinyHunters Claims Data Breach at Instructure's Canvas Platform, Threatens to Publish Stolen Data

A threat actor with a track record of large-scale data theft has claimed responsibility for breaching Instructure's Canvas learning management system, used by thousands of schools and universities worldwide.
By Moemedi Michael Poncanaoceania4-minute read8 May 2026☆ Save↗ Share⎙ Print
A threat actor with a track record of large-scale data theft has claimed responsibility for breaching Instructure's Canvas learning management system, used by thousands of schools and universities worldwide.
A threat actor with a track record of large-scale data theft has claimed responsibility for breaching Instructure's Canvas learning management system, used by thousands of schools and universities worldwide. / TechCrunch / Photography

A threat actor operating under the name ShinyHunters has claimed responsibility for a data breach at Instructure, the Utah-based company behind the Canvas learning management system used by thousands of schools, colleges and universities worldwide. The claim, posted on 7 May 2026, was first flagged in a thread on the social platform formerly known as Twitter. Instructure had not issued a public statement confirming the breach at the time of publication.

The post gave no specific timeline for when the intrusion allegedly occurred, nor the volume of data involved. The threat actor's statement referenced a deadline for publishing the material, though the precise terms were not fully detailed in the public post. Monexus has contacted Instructure for comment and will update this article as more information becomes available.

Who Is ShinyHunters

ShinyHunters first gained widespread attention in 2020, when the group began advertising stolen databases from a string of online services on dark-web marketplaces. The group's activity cycle follows a recognisable pattern: breach a platform, exfiltrate user data, then offer the information for sale or threaten public release as leverage. Over the past several years, ShinyHunters has been linked to unauthorised access at multiple companies across the technology and services sectors. Cybersecurity firms have published analyses identifying the group's methods, which typically exploit application programming interfaces and third-party integrations to gain initial access before pivoting to internal systems.

The group has not always been consistent in following through on its most aggressive public threats, a trait some researchers have attributed to opportunistic rather than strategic intent. That said, instances where data has been published have caused significant downstream harm to affected users, particularly when credentials or personal information were included in the dump.

Why Educational Data Is a High-Value Target

Learning management systems like Canvas sit at the intersection of institutional trust and dense personal information. They typically store student names, email addresses, course enrolment data, and in some cases grading records and communications — a profile that commands value in underground markets. For threat actors focused on resale, this data serves multiple purposes: direct credential-stuffing attacks, identity fraud, and targeted phishing campaigns calibrated to the academic calendar.

Schools and universities are not new to this threat. The sector has been a consistent target throughout the past decade, though institutional cybersecurity investment has not kept pace with the increasing sophistication of the threat landscape. Many educational institutions operate on constrained IT budgets and rely on third-party vendors for core platform infrastructure — a dependency that concentrates risk and complicates incident response when a breach occurs upstream.

The reputational stakes for schools are also unusually high. Unlike a commercial retailer, an educational institution cannot simply cease operations or rebrand following a breach. Families, donors and regulatory bodies all have direct interests, and the political fallout within a school community can outlast any technical remediation. This makes educational institutions particularly sensitive to blackmail-style threats, even when the underlying data may not be uniquely sensitive.

Institutions in the Crosshairs

Canvas is deployed at a large number of primary, secondary and higher-education institutions globally. If the breach claim is verified, affected schools and universities will face a series of immediate obligations: determining what data was accessed, whether any data has been published elsewhere, and issuing breach notifications to students, staff and in some jurisdictions to data protection authorities within legally mandated timeframes. The complexity of that task varies considerably depending on how much access Instructure grants to its institutional customers during the forensic process.

Institutions that rely on single sign-on integrations with Canvas may face compounded risk if credentials were among the data taken. Multi-factor authentication status and session token security will be the key variables determining whether stolen data translates into live account compromises.

Regulatory exposure differs by jurisdiction. European institutions subject to the General Data Protection Regulation face mandatory notification requirements and potential fines proportional to the scope of a breach. Schools in the United States must navigate a patchwork of state-level breach notification laws, while Australian institutions covered by the Notifiable Data Breaches scheme face mandatory reporting to the Office of the Australian Information Commissioner.

What Comes Next

If the breach is confirmed, the incident will add to an already grim record for the education sector in data security. The structural vulnerabilities — third-party platform dependency, limited security staffing, high-value data stores — are not new, and they will not be resolved by any single incident. What a case like this does do is force a reckoning at the institutional level about what due diligence looks like when the platform is owned and operated by a third party.

ShinyHunters' activity pattern suggests the group will follow through on some version of its stated timeline. Whether the published data, if any, proves damaging depends on what was stored and how it was secured — questions that remain unanswered at this stage. Instructure's response, both to its institutional customers and to the broader public, will be a significant indicator of how seriously the sector takes the obligation to protect the data of millions of students and staff.

Monexus covered this story as a breaking data-security incident with emphasis on institutional obligations and sector-wide structural vulnerability — a framing that differs from cybersecurity trade press, which tends to lead with technical indicators of compromise and IOCs.

© 2026 Monexus Media · reported from the wire