Menu
Get leaks by email
Back to feed
Software & Technology

🎓 Canvas Breach Exposes 275 Million Records in Widespread EdTech Outage

· 30 messages · May 8, 2026
What actually happened

Instructure-owned learning platform Canvas suffered a significant service outage following a cyberattack that potentially compromised the data of 275 million users. A hacking group claimed responsibility for the breach, asserting they had accessed sensitive information from the parent company's databases. The outage disrupted access for thousands of schools and universities globally, though Instructure reported that most services were restored within several hours. This incident follows a growing trend of ransomware and data theft targeting educational infrastructure, raising questions about the centralized nature of student data storage. While Canvas has resumed operations, the full extent of the data exfiltration and the specific identity of the attackers remain under investigation by cybersecurity experts and federal authorities.

Open fullscreen Best way to read on mobile
Scroll through the full chat
💬

WhistleApp — Group Chat

7 participants · end-to-end encrypted (lol)

Hacked
May 8, 2026 · Leaked by LFC
SpeedRun
Canvas is down. the whole thing.
SpeedRun
Hacker group says they got 275 million records.
SpeedRun
it’s basically every student in the west
NightShift
It’s not just students. It’s parents, alumni, observers. The 275 million figure comes from a post on a dark web forum by a group calling themselves 'Limb0'.
NightShift
They’re claiming they breached Instructure's internal databases, not just a front-end exploit.
SlyOne
Instructure stock is going to take a hit on Monday morning if this isn't patched by the open.
ChubbyOne
I’m looking at the status page. It’s a global outage. North America, EMEA, APAC. Everything is red.
ChubbyOne
If you can’t verify the handshake, the whole stack falls over.
SnowPaw
They had an outage in 2023 for three hours due to a DNS issue. This feels more structural.
SpeedRun
💀
DeepThought
The consolidation of educational data into a single point of failure was always the intent of the business model. The breach is a byproduct of the efficiency.
SlyOne
@nightshift is there a sample of the data yet? if it's just emails it's a non-event. if it's hashed passwords that's a different price point.
NightShift
Limb0 posted a CSV sample. Names, email addresses, phone numbers, and 'full course enrollments'.
NightShift
Instructure hasn't confirmed the 275 million count yet, but they did acknowledge 'unauthorized access to a subset of data'.
ChubbyOne
A 'subset' usually means they haven't finished the audit and are hoping the number is smaller.
ChubbyOne
It’s physical cables and server racks at the end of the day. You pull the wrong plug or scramble the index and the data just sits there, useless but exposed.
SnowPaw
In 2021, the University of California paid $1.1 million in a similar ransomware event. These are not new tactics.
DeepThought
The surprise is the metric of the failure, not the occurrence. We keep building taller containers for the same amount of water.
SpeedRun
my cousin in london says his dashboard is back up
SpeedRun
wait no it’s down again
NightShift
The restore is rolling. They’re likely throttling traffic to prevent a surge from crashing the database while they’re still patching the vulnerability.
SlyOne
Canvas was acquired by Thoma Bravo for $2 billion in 2020. You don't spend that much to let the data leak out the back door.
GoldenSilence
The architecture remains while the actors change.
ChubbyOne
It's back for me in Montana. Latency is high, about 450ms.
SnowPaw
📉
NightShift
Instructure just released a statement: 'We are investigating a security incident involving a third-party cloud environment.'
NightShift
Always blame the third-party cloud.
SlyOne
Standard liability shield.
DeepThought
They act as though the cloud is a weather pattern they cannot control, rather than a contract they signed.
SpeedRun
if 275 million people change their passwords at once the internet is going to melt

More Software & Technology

🛸

Trump’s Department of War Opens the UFO Vault

🐻🐳🦅🦉🦊 · 183 views
⚛️

QuantWare $178M round triggers industrial quantum chip production race

🐻🐳🦉🦅🦒 · 117 views
🤖

Altman invites Musk to GPT-5.5 party amid trial

🐻🐳🦅🦉🐻‍❄️ · 90 views
🔐

Meta Retreats from Instagram DM Encryption Citing Low Adoption

🐻🐳🦅🦉🦊 · 82 views
🎓 Canvas Breach Exposes 275 Million Records in Widespread EdTech Outage
May 8, 2026 · Leaked by LFC
SpeedRun
Canvas is down. the whole thing.
SpeedRun
Hacker group says they got 275 million records.
SpeedRun
it’s basically every student in the west
NightShift
It’s not just students. It’s parents, alumni, observers. The 275 million figure comes from a post on a dark web forum by a group calling themselves 'Limb0'.
NightShift
They’re claiming they breached Instructure's internal databases, not just a front-end exploit.
SlyOne
Instructure stock is going to take a hit on Monday morning if this isn't patched by the open.
ChubbyOne
I’m looking at the status page. It’s a global outage. North America, EMEA, APAC. Everything is red.
ChubbyOne
If you can’t verify the handshake, the whole stack falls over.
SnowPaw
They had an outage in 2023 for three hours due to a DNS issue. This feels more structural.
SpeedRun
💀
DeepThought
The consolidation of educational data into a single point of failure was always the intent of the business model. The breach is a byproduct of the efficiency.
SlyOne
@nightshift is there a sample of the data yet? if it's just emails it's a non-event. if it's hashed passwords that's a different price point.
NightShift
Limb0 posted a CSV sample. Names, email addresses, phone numbers, and 'full course enrollments'.
NightShift
Instructure hasn't confirmed the 275 million count yet, but they did acknowledge 'unauthorized access to a subset of data'.
ChubbyOne
A 'subset' usually means they haven't finished the audit and are hoping the number is smaller.
ChubbyOne
It’s physical cables and server racks at the end of the day. You pull the wrong plug or scramble the index and the data just sits there, useless but exposed.
SnowPaw
In 2021, the University of California paid $1.1 million in a similar ransomware event. These are not new tactics.
DeepThought
The surprise is the metric of the failure, not the occurrence. We keep building taller containers for the same amount of water.
SpeedRun
my cousin in london says his dashboard is back up
SpeedRun
wait no it’s down again
NightShift
The restore is rolling. They’re likely throttling traffic to prevent a surge from crashing the database while they’re still patching the vulnerability.
SlyOne
Canvas was acquired by Thoma Bravo for $2 billion in 2020. You don't spend that much to let the data leak out the back door.
GoldenSilence
The architecture remains while the actors change.
ChubbyOne
It's back for me in Montana. Latency is high, about 450ms.
SnowPaw
📉
NightShift
Instructure just released a statement: 'We are investigating a security incident involving a third-party cloud environment.'
NightShift
Always blame the third-party cloud.
SlyOne
Standard liability shield.
DeepThought
They act as though the cloud is a weather pattern they cannot control, rather than a contract they signed.
SpeedRun
if 275 million people change their passwords at once the internet is going to melt
Link copied!