The cyberattack crisis surrounding Canvas, the widely used educational platform, has taken a more alarming turn. The hacker group ShinyHunters has breached the system a second time and left a direct message on the platform itself, along with a fresh ultimatum. Universities across the Netherlands and beyond are now scrambling to respond, with VU University Amsterdam taking the drastic step of cutting off all its systems connected to Canvas entirely. The situation is moving fast, and millions of students and staff are caught in the middle of it.
3 hours Ago
Second Breach, New Deadline
ShinyHunters made their return impossible to ignore. The group posted a message directly within the Canvas app, calling out Instructure — the company behind Canvas — for failing to engage with them after the first attack. According to the hackers, rather than opening negotiations, the company simply rolled out a few security patches and moved on.
That response, apparently, was not enough.
The group has now given affected educational institutions until May 12 to make contact and enter negotiations. If that deadline passes without a response, ShinyHunters says it will go ahead and publish the stolen data.
A previous deadline had already expired the day before this second intrusion came to light, which shows the group is serious about following through.
The scale of what was stolen is deeply concerning. When ShinyHunters first announced the breach on Monday, they claimed to have taken data belonging to millions of students, lecturers, and other university staff from higher education institutions around the world.
Canvas is the platform students use daily — to submit assignments, check grades, and stay connected with their courses — making the stolen data particularly sensitive.
Dutch Universities Among Those Affected
VU Amsterdam moved quickly after the second breach became known, announcing it had disconnected all systems tied to Canva.
Copyright @ 2024 IBRA Digital