Instructure disclosed a cybersecurity incident perpetrated by a criminal threat actor and says outside forensics are investigating the impact. Some services, including Canvas Data 2 and Canvas Beta, have been under maintenance since May 1 and customers may experience issues with tools that rely on API keys. #Instructure #ShinyHunters
Keypoints
- Instructure reported a cybersecurity incident and engaged outside forensics to investigate.
- Canvas Data 2 and Canvas Beta have been in maintenance since May 1, potentially affecting API-key dependent tools.
- Instructure has not confirmed whether the maintenance is related to the security incident and promises transparency as the investigation continues.
- BleepingComputer reached out for comment but received no response and previously retracted an earlier incorrect report.
- Threat actors are increasingly targeting education technology firms, with prior incidents at PowerSchool, Infinite Campus, and a 2025 Instructure Salesforce compromise claimed by ShinyHunters.