The Instructure Canvas Breach: ShinyHunter’s Extortion Campaign and Settlement
Threat group ShinyHunters exploited a Cross-Site Scripting vulnerability to breach educational technology firm Instructure, extracting over three terabytes of data and defacing portals. A settlement halted leaks, underscoring critical enterprise risks regarding data compartmentalization.
A threat actor group, identified as the ShinyHunters, claimed responsibility for a series of cybersecurity incidents targeting Instructure, a United States (US) based educational technology company. Instructure first detected the breach on April 29, 2026, and publicly disclosed on May 1. ShinyHunters then listed their company on their data leak site on May 3. The group alleges to have exfiltrated over 3.6 terabytes of uncompressed data, including Personally Identifiable Information (PII) and platform message exchanges. The incident reportedly impacted 8,909 educational institutions.
PSA Intelligence Security Analyst Team Inside
The PSA Intelligence team of security and risk analysts monitor thousands of intelligence sources across the Philippines and broader APAC region daily. PSA Intelligence supplies well-known international corporate security operations centers and enterprise risk management teams the reports and data required for their operations.
Contact us to for access to our regular risk management reports and data-feeds. Be sure to talk to us about our analyst vetted, reliable data feeds for your AI driven risk management systems too. We have 20+ years of back-data and keep the data acquisition pipelines running so you don't have to.
PSA Intelligence: Regional Reporting Capabilities
Our fast-paced intelligence pipeline is driven by a dedicated team of Manila-based security analysts that monitor the Philippine landscape every day. We bring together on-the-ground local insight with large scale data monitoring and cut through the noise to deliver the concise, actionable intelligence that our clients rely on to navigate their risks.
Regular Briefs & Industry Monitors
We provide a weekly digest of key political, economic, and security developments and analysis of their short and long-term impact on the local and regional business environment. Our Industry Monitors deliver regular summaries of key developments in manufacturing, energy, mining, and tourism.
Our Cyber Risks Briefs detail emerging cyberthreats, digital security vulnerabilities, and regulatory shifts, while our Economic Briefs provide macroeconomic snapshots covering inflation, trade markers, and fiscal policy. We also publish Health Risks Briefs tracking local disease statistics and healthcare capacities.
Targeted Crime & Kidnapping Reports
Our teams produce continuous updates and analysis on developing crime and safety trends targeting corporates and staff, ranging from opportunistic petty crime to syndicated criminal activity. This includes deep dives on known modus operandi, suspect profiles, and sociopolitical environments.
Additionally, we monitor Kidnapping Related Incidents in the Philippines, tracking publicly-known abduction cases, motives, victim profiles, and the broader regional developments that influence these threat vectors.
Insurgency, Terrorism, and Civil Unrest
We conduct ongoing analysis of activities of Communist insurgents in the Philippines, including their estimated operational capabilities, regional hotspots, and the progress of government peace processes.
Our coverage extends to Islamist Insurgency and Terrorism in Mindanao, assessing activities not limited to terrorism-related motivations but also criminal, personal, and cultural factors. We provide continuous assessments of political stability, strikes, protests, and broader civil unrest dynamics affecting operational continuity.
Ask an Analyst
Do you have a question regarding this report that you would like to ask our team of security and risk analysts? Ask here.
Query Sent
Thank you. Our intelligence team will respond to your query shortly.