If you have been frantically refreshing your browser and asking “when is Canvas going to be back up,” you are far from alone. Millions of students, teachers, and administrators across the globe were left unable to access their courses, assignments, and grades after a major cyberattack disrupted the Canvas learning management system beginning on April 30. Here is a complete, up-to-date breakdown of what happened, where things stand right now, and what you should do next.
What Happened to Canvas?
Canvas, operated by Instructure — the Salt Lake City-based education technology company — suffered a significant cybersecurity breach that began on April 30. The criminal extortion group ShinyHunters, a well-documented hacking collective previously responsible for high-profile attacks on Ticketmaster and AT&T, exploited a vulnerability in Instructure’s production systems to gain unauthorized access to data.
On May 1, Instructure’s Chief Information Security Officer Steve Proud formally notified customers of the incident. The company immediately brought in outside forensic experts to investigate, began revoking compromised credentials, rotated application keys, and deployed security patches to contain the attack.
The breach forced Canvas Data 2, Canvas Beta, and Canvas Test environments into maintenance mode, disrupting API key-dependent tools and affecting users across thousands of institutions worldwide.
Is Canvas Back Up Now?
Partially yes — with some caveats. Here is the current restoration timeline:
- May 2: Instructure confirmed the incident was contained and began reissuing application keys
- May 3: Canvas Data 2 and Canvas Beta were restored for all customers
- May 6: Canvas was declared fully operational, with Instructure stating it found no indication of “ongoing unauthorized activity”
- May 7: A new maintenance window was placed on Canvas, Canvas Beta, and Canvas Test, with Instructure stating it “anticipates being up soon”
- May 8 (today): Canvas LMS itself is largely operational for most users, though Student ePortfolios remains in a partial outage state
If you are still unable to log in or access specific features, check status.instructure.com for the most current incident updates specific to your institution.
How Many Schools Were Affected?
The scale of this outage was unprecedented. ShinyHunters claims the breach affected approximately 9,000 educational institutions worldwide, including K-12 school districts, universities, and online education platforms. High-profile institutions confirmed to be affected include Harvard, Stanford, Columbia, Northwestern, Duke, the University of Pennsylvania, the University of Chicago, and the University of Illinois, among thousands of others.
In North Carolina alone, the Wake County Public School System and the entire state K-12 network — which has used Canvas since 2015 — were impacted. Schools across the UK and Europe, including 44 Dutch universities and institutions, were also listed among those affected.
What Data Was Exposed?
According to Instructure’s official disclosures, the following types of information may have been compromised:
- Names
- Email addresses
- Student ID numbers
- Canvas Inbox and Discussion messages (private messages between students and teachers)
Instructure has stated there is currently no indication that passwords, dates of birth, government identifiers, or financial information were involved in the breach. However, cybersecurity experts have noted that the exposure of private messages is qualitatively more serious than a standard name-and-email leak, since those messages may contain phone numbers, home addresses, and sensitive personal details shared in confidence.
ShinyHunters claims to have stolen 3.65 terabytes of data, including what it describes as billions of private messages and records belonging to 275 million students, teachers, and staff. These figures have not been independently verified by Instructure.
Why Did This Happen at the Worst Possible Time?
The outage struck at one of the most critical periods of the academic calendar: the final weeks of the school year, when students are completing coursework and submitting final projects and teachers are entering grades. Educators across the country reported having to improvise with paper assignments and alternate platforms, while students expressed anxiety over deadlines and assignment submissions.
Instructure is used by 41% of higher education institutions across North America, making it a prime target. Cybersecurity analysts have described this as a “bank robber finding the armored truck” scenario — instead of attacking individual schools one by one, hackers targeted the single vendor serving thousands of institutions simultaneously.
Is My Data Safe? What Should You Do Right Now?
Even if Canvas itself is back online, the underlying data breach remains an active concern. Here are the steps experts recommend:
1. Change your Canvas password immediately, especially if you reuse it across other accounts such as email or social media.
2. Watch out for targeted phishing, because attackers now have access to real names, real course information, and real teacher-student messages. Expect scam emails that look unusually convincing and reference actual courses or assignments.
3. Verify any official-looking emails about the breach by going directly to your school’s website rather than clicking links in messages you receive.
4. Enable multi-factor authentication (MFA) on your school accounts wherever available. Instructure itself has recommended MFA for all privileged accounts.
5. Monitor for unusual account activity across any accounts that share the same email address tied to your Canvas login.
What Is Instructure Doing About It?
Instructure has taken the following documented steps:
- Engaged independent outside cybersecurity forensics experts
- Contained the breach and patched the exploited vulnerability
- Rotated all affected application keys and revoked compromised credentials
- Issued ongoing updates via its public status page (status.instructure.com)
- Begun communicating directly with affected institutions
- Advised customers to enforce MFA, review admin access, and rotate API tokens
The company has not publicly addressed ShinyHunters’ ransom demands. ShinyHunters initially set a deadline of May 6 for Instructure to respond, later extended to May 12, according to reporting. As of today, Instructure has not confirmed whether extortion negotiations are occurring.
Who Is ShinyHunters?
ShinyHunters is a financially motivated cybercriminal extortion group active since approximately 2020. Cybersecurity analysts describe it as a loose network of individuals that specializes in breaching large SaaS providers to maximize the number of downstream victims from a single attack. One threat analyst described the group as including teenagers and young adults based in the US and UK.
The group’s track record includes the 2024 Snowflake supply chain attack that exposed data at Ticketmaster (560 million records) and AT&T (110 million customers), a March breach of the European Commission, and attacks on education platforms including Infinite Campus and publisher McGraw Hill. Notably, this is Instructure’s second ShinyHunters breach in eight months — the first occurred in September 2025 through a Salesforce social engineering attack.
What About Canvas and Future Outages?
This event has reignited a broader conversation about the concentration risk in education technology. When a single vendor serves 41% of higher education and thousands of K-12 districts, a single successful cyberattack cascades across the entire ecosystem simultaneously. Cybersecurity professionals are urging school districts and universities to demand greater transparency from EdTech vendors about their security posture and incident response plans, and specifically about what changed after the September 2025 breach and why it was insufficient to prevent this one.
For now, Canvas appears to be back up for most users. The priority for students and educators is checking assignment deadlines with their instructors, securing their accounts, and staying alert to phishing in the coming weeks.
Quick Reference: Canvas Status Links
- Official Canvas Status Page: status.instructure.com
- Instructure Support: community.canvaslms.com
- Check your school’s IT page for institution-specific guidance
Last updated: May 8. Information reflects the latest available data from Instructure’s official status page and verified news reporting.
