Instructure, the company responsible for the popular Canvas learning platform, has revealed that it recently fell victim to a cybersecurity breach and is currently investigating the extent of the impact.
The U.S.-based educational technology firm is renowned for its development of Canvas, a widely utilized learning management system that aids schools, universities, and organizations in managing coursework, assignments, and online learning.
“Instructure was recently targeted by a cyberattack carried out by a malicious threat actor. We are actively probing this incident with the assistance of external forensic experts,” stated Steve Proud, Chief Security Officer.
“We are swiftly working to determine the full scope of the breach and are taking proactive measures to mitigate any potential fallout. Upholding your confidence in us is paramount, and we are dedicated to maintaining transparency throughout this investigative process.”
Instructure has committed to sharing updated information as its investigation progresses.
Since May 1, certain services such as Canvas Data 2 and Canvas Beta have been undergoing maintenance, with customers cautioned about potential disruptions to tools reliant on API keys.
The company has not confirmed if this maintenance is linked to the security breach.
BleepingComputer reached out to Instructure earlier today for further details on the incident but has not yet received a response.
BleepingComputer had previously published and retracted a report regarding this incident, acknowledging that it was based on inaccurate information from an earlier disclosure.
Focus on Targeting Education Technology Firms
Threat actors have increasingly set their sights on education technology companies due to the vast amounts of personal data they possess about students and educators.
In January 2025, educational software provider PowerSchool disclosed a breach where a threat actor claimed to have accessed data belonging to 62 million students.
In September 2025, Instructure reported a separate breach resulting from a social engineering attack that enabled intruders to access data within its Salesforce system. At that time, a threat actor named ShinyHunters took credit for the breach and included the company on a data leak platform.
Similar campaigns have also targeted Infinite Campus, with claims of data theft from the company’s Salesforce environment.