{"id":53338,"date":"2026-05-12T05:44:38","date_gmt":"2026-05-12T05:44:38","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=53338"},"modified":"2026-05-12T05:44:38","modified_gmt":"2026-05-12T05:44:38","slug":"stolen-canvas-data-was-returned-after-hacker-agreement-instructure-says","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=53338","title":{"rendered":"Stolen Canvas data was \u201creturned\u201d after hacker agreement, Instructure says_MALWAREBYTES:9274630BAF4A0988E459A4D4B97CB1A7"},"content":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2026-05-12T10:05:08&#8243;,&#8221;description&#8221;:&#8221;The Instructure\/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage.\\n\\nMillions of students had personal data stolen, with extortion group ShinyHunters claiming credit for the data breach and applying extra pressure for their ransom demands by bothering Canvas users directly.\\n\\nWhich seems to have paid off. On the Instructure web page about the recent data breach, a status update dated May 11, 26 says:\\n\\n\\u003e \u201cWe know that concerns about the potential publication of data related to this incident remain top of mind for many customers. We understand how unsettling situations like this can be, and protecting our community remains our top priority.\\n\\u003e \\n\\u003e With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident.\u201d\\n\\nThis implies that Instructure has paid ShinyHunters. At least some of that money will almost certainly go toward funding future cybercrime operations. 
Whether companies should ever pay ransomware or extortion demands remains a contentious debate, and that is not an argument I want to reignite here.\\n\\nWhat I don\u2019t understand is the next phrase in the update:\\n\\n\\u003e \u201cThe data was returned to us.\u201d\\n\\nWhile that may be intended to sound reassuring, in cybersecurity, data is not a borrowed laptop or a misplaced folder. Once copied, it can be copied again, and again.\\n\\nThat matters because the incident wasn\u2019t just about temporary access. Instructure said the unauthorized access involved usernames, email addresses, course names, enrollment information, and messages.\\n\\n## Data cannot simply be \u201creturned\u201d\\n\\nSo, when a company says the data was \u201creturned\u201d and \u201cshred logs\u201d were provided, the real question is not whether the attackers still possess the original files. It is whether copies were made, whether those copies were shared, and with whom: in essence, whether the breach\u2019s downstream risks have actually been eliminated. While these types of cybercriminals tend to operate on trust, digital data does not come with a guaranteed recall function.\\n\\nThe good news is that Instructure says no passwords, dates of birth, government identifiers, or financial information were involved. But names, email addresses, course details, and private messages are still enough to fuel highly targeted phishing and social engineering long after the headlines fade.\\n\\nFor students and families, the practical advice from our original blog still applies:\\n\\n  * Reset Canvas\u2011related passwords\\n  * Enable multi\u2011factor authentication where possible\\n  * Monitor financial and credit activity as children get older\\n  * Stay wary of highly personalized phishing that references real schools, courses, or teachers&#8221;,&#8221;published&#8221;:&#8221;2026-05-12T08:41:07&#8243;,&#8221;modified&#8221;:&#8221;2026-05-12T08:41:07&#8243;,&#8221;type&#8221;:&#8221;malwarebytes&#8221;,&#8221;title&#8221;:&#8221;Stolen Canvas data was \u201creturned\u201d after hacker agreement, Instructure says&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;MALWAREBYTES:9274630BAF4A0988E459A4D4B97CB1A7&#8243;,&#8221;bulletinFamily&#8221;:&#8221;blog&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[],&#8221;sourceData&#8221;:&#8221;&#8221;,&#8221;sourceHref&#8221;:&#8221;&#8221;,&#8221;cvss&#8221;:{&#8220;score&#8221;:0,&#8221;severity&#8221;:&#8221;NONE&#8221;,&#8221;vector&#8221;:&#8221;NONE&#8221;,&#8221;version&#8221;:&#8221;NONE&#8221;},&#8221;cvss2&#8243;:{},&#8221;cvss3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;,&#8221;cvssV3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;in
tegrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;}},&#8221;href&#8221;:&#8221;https:\/\/www.malwarebytes.com\/blog\/news\/2026\/05\/stolen-canvas-data-was-returned-after-hacker-agreement-instructure-says&#8221;,&#8221;category_name&#8221;:&#8221;News&#8221;,&#8221;post_link&#8221;:&#8221;&#8221;,&#8221;product&#8221;:&#8221;&#8221;,&#8221;version&#8221;:&#8221;&#8221;,&#8221;vendor&#8221;:&#8221;&#8221;,&#8221;ai_description&#8221;:&#8221;&#8221;,&#8221;ai_severity&#8221;:&#8221;&#8221;,&#8221;ai_vendor&#8221;:&#8221;&#8221;,&#8221;ai_product&#8221;:&#8221;&#8221;,&#8221;ai_version&#8221;:&#8221;&#8221;,&#8221;ai_score&#8221;:0}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2026-05-12T10:05:08&#8243;,&#8221;description&#8221;:&#8221;The Instructure\/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage.\\n\\nMillions of students had personal data stolen, with extortion group ShinyHunters&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-53338","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Stolen Canvas data was \u201creturned\u201d after hacker agreement, Instructure says_MALWAREBYTES:9274630BAF4A0988E459A4D4B97CB1A7 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=53338\" \/>\n<meta property=\"og:locale\" 
content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Stolen Canvas data was \u201creturned\u201d after hacker agreement, Instructure says_MALWAREBYTES:9274630BAF4A0988E459A4D4B97CB1A7 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{&#8220;lastseen&#8221;:&#8221;2026-05-12T10:05:08&#8243;,&#8221;description&#8221;:&#8221;The Instructure\/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage.nnMillions of students had personal data stolen, with extortion group ShinyHunters...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=53338\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-12T05:44:38+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53338#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53338\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Stolen Canvas data was \u201creturned\u201d after hacker agreement, Instructure says_MALWAREBYTES:9274630BAF4A0988E459A4D4B97CB1A7\",\"datePublished\":\"2026-05-12T05:44:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53338\"},\"wordCount\":620,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"malwarebytes\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=53338#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53338\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53338\",\"name\":\"Stolen Canvas data was \u201creturned\u201d after hacker agreement, Instructure says_MALWAREBYTES:9274630BAF4A0988E459A4D4B97CB1A7 - zero 
redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-12T05:44:38+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53338#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=53338\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=53338#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Stolen Canvas data was \u201creturned\u201d after hacker agreement, Instructure says_MALWAREBYTES:9274630BAF4A0988E459A4D4B97CB1A7\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero 
redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Stolen Canvas data was \u201creturned\u201d after hacker agreement, Instructure says_MALWAREBYTES:9274630BAF4A0988E459A4D4B97CB1A7 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=53338","og_locale":"en_US","og_type":"article","og_title":"Stolen Canvas data was \u201creturned\u201d after hacker agreement, Instructure says_MALWAREBYTES:9274630BAF4A0988E459A4D4B97CB1A7 - zero redgem","og_description":"{&#8220;lastseen&#8221;:&#8221;2026-05-12T10:05:08&#8243;,&#8221;description&#8221;:&#8221;The Instructure\/Canvas data breach that has dominated cybersecurity coverage recently has reached a new stage.nnMillions of students had personal data stolen, with extortion group ShinyHunters...","og_url":"https:\/\/zero.redgem.net\/?p=53338","og_site_name":"zero 
redgem","article_published_time":"2026-05-12T05:44:38+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=53338#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=53338"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Stolen Canvas data was \u201creturned\u201d after hacker agreement, Instructure says_MALWAREBYTES:9274630BAF4A0988E459A4D4B97CB1A7","datePublished":"2026-05-12T05:44:38+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=53338"},"wordCount":620,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","malwarebytes","news","NONE","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=53338#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=53338","url":"https:\/\/zero.redgem.net\/?p=53338","name":"Stolen Canvas data was \u201creturned\u201d after hacker agreement, Instructure says_MALWAREBYTES:9274630BAF4A0988E459A4D4B97CB1A7 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-12T05:44:38+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=53338#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=53338"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=53338#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Stolen Canvas data was \u201creturned\u201d after hacker agreement, Instructure 
says_MALWAREBYTES:9274630BAF4A0988E459A4D4B97CB1A7"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/53338","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1
"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=53338"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/53338\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=53338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=53338"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=53338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}