Post Date: 2026/05/13

【Attack Alert】Canvas Provider Instructure Compromised by Hacking Group ShinyHunters

  • Subject: 【Attack Alert】Canvas Provider Instructure Compromised by Hacking Group ShinyHunters


  • Description:
    • Recently, multiple schools abroad have reported that attackers are targeting the Canvas online learning platform with account takeovers and phishing attacks. These may involve forged login pages, fake course notification emails, or third-party plugins to trick users into entering their account credentials.
  • Affected Platforms:
    • All Canvas products
  • Recommended Actions:
    • To avoid account compromise and data leakage, users are advised to stay vigilant and cooperate with the following security measures:
    • 1. Verify Login URLs: Please log in to Canvas through the official school portal or bookmarks, and avoid clicking on links in emails from unknown sources.
    • 2. Do Not Enter Credentials on Suspicious Pages: If a page displays unusual login requests, re-authentication, or MFA verification notifications, please verify the accuracy of the URL first.
    • 3. Enable Multi-Factor Authentication (MFA): It is recommended that users whose accounts support MFA enable it as soon as possible to reduce the risk of account takeover.
    • 4. Monitor for Unusual Notifications: Please be alert for login records not made by yourself, receipt of unusual verification codes, unidentified announcements or messages in courses, or accounts automatically sending out abnormal emails. If any of the above occurs, please change your password immediately and notify the IT department.
    • 5. Avoid Reusing Passwords and Update Passwords Regularly: Do not share your Canvas password with other websites or systems. It is also recommended to change your password periodically to enhance account security. If an account compromise or data leak is discovered, please report it in accordance with the regulations for information security incident reporting, response, and drills.
    • 6. For progress on this incident, please refer to the official website announcement: https://www.instructure.com/incident_update
  • Reference Materials:
    1. https://www.instructure.com/incident_update
    2. https://data.dailycal.org/2026-05-07-shiny-hunters
    3. https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12906
    4. https://www.ithome.com.tw/news/175580

Computer and Communication Center
Network Systems Division