Instructure paga un rescate masivo a los hackers de ShinyHunters
Read, Watch or Listen
United States-based Instructure, the developer of the widely used Canvas learning management system, has confirmed it paid a ransom to the cyber-extortion group ShinyHunters after a massive breach affecting education institutions worldwide. The company said it transferred the payment one day before a final deadline of May 12, 2026, following the theft of 3.6 terabytes of data linked to roughly 275 million users at more than 8,800 institutions, including major U.S. universities and K-12 school districts. Stolen information included student and staff names, email addresses, ID numbers and billions of private messages exchanged on the platform. The attackers escalated the incident on May 8 by defacing login portals at about 330 institutions, blocking access for students and faculty during critical final examination periods. United States investigators found that the hackers exploited a vulnerability in Canvas’s “Free-For-Teacher” account feature to bypass security boundaries and reach institutional data, prompting Instructure to disable that feature and deploy additional security patches. Chief executive Steve Daly said the company received digital confirmation of data destruction in the form of “shred logs” and assurances from ShinyHunters that it would not further extort Instructure’s customers, although the firm did not disclose the size of the ransom. The Federal Bureau of Investigation generally advises against paying ransoms, but Instructure said it proceeded with the settlement because of the immediate risks to student privacy and the disruption to academic operations during exams.
Prepared by Emily Rhodes and reviewed by editorial team.
Timeline of Events
- Principios de 2026 Hackers explotan vulnerabilidad Free-For-Teacher
- Principios de 2026 Atacantes acceden a datos institucionales de Canvas
- 8 de mayo de 2026 Portales de inicio de sesión atacados en 330 instituciones
- 8 de mayo de 2026 Estudiantes y profesores bloqueados durante exámenes
- 11 de mayo de 2026 Instructure paga rescate a ShinyHunters
- 11 de mayo de 2026 La empresa recibe confirmaciones de registro de triturado digital
- 12 de mayo de 2026 Se establece fecha límite para el pago final del rescate
- Mediados de mayo de 2026 Instructure aplica parches y deshabilita función
Why This Matters to You
Sus datos podrían estar en riesgo si forma parte de los 275 millones de usuarios afectados. Verifique si su escuela usa Canvas y cambie su contraseña de inmediato. Tenga cuidado con los correos electrónicos sospechosos que podrían ser intentos de phishing.
The Bottom Line
Esta brecha demuestra lo vital que es la ciberseguridad en nuestra era digital, especialmente en la educación. La decisión de Instructure de pagar el rescate, aunque controvertida, tuvo como objetivo proteger la privacidad de los estudiantes y las operaciones académicas. Vale la pena reenviarlo si conoce a alguien en el sector educativo.
- Articles Published:
- 1
- Right Leaning:
- 0
- Left Leaning:
- 0
- Neutral:
- 1
- Distribution:
- Left 0%, Center 100%, Right 0%
No especificado en el origen.
No especificado en el origen.
Coverage of Story:
From Left
No left-leaning sources found for this story.
From Right
No right-leaning sources found for this story.
Comments