Instructure Reaches Agreement with ShinyHunters After Global Canvas Data Breach

May 13, 2026, 20:49

Introduction

Instructure, the company that runs the Canvas learning system, has reached an agreement with a hacking group called ShinyHunters. This follows a major data breach that affected about 275 million users across 9,000 educational institutions worldwide.

Main Body

The security breach began with unauthorized activity on April 29, followed by another attack on May 7. The hackers exploited a weakness in the 'Free-for-Teacher' program, which allowed people to create accounts without official verification. Consequently, the group stole between 3.5 and 3.65 terabytes of data, including usernames, emails, and private messages. However, Instructure emphasized that sensitive information, such as passwords and bank details, remained safe. There are conflicting views on how the company handled the situation. Instructure claims the agreement ensured the return of the stolen data and provided proof that the files were destroyed. On the other hand, cybersecurity experts suggest that this 'agreement' was actually a ransom payment, possibly worth millions of dollars. These experts assert that paying cybercriminals is a mistake because it may make the company a target for future attacks. As a result, the company is now facing serious legal and political pressure. The US House Committee on Homeland Security has requested a formal meeting to question Instructure's ability to respond to such crises. Furthermore, the parent company, KKR, is facing several class-action lawsuits in US courts. In Australia, government agencies have criticized the decision to pay, arguing that there is no guarantee that hackers will actually delete the data.

Conclusion

Canvas has returned to full operation, but users are warned to be careful of phishing scams while legal investigations continue.

Learning

⚡ The "Logic Jump": Moving from A2 to B2

At the A2 level, you likely use simple connectors like and, but, and because. To reach B2, you need to use Advanced Logical Transitions. These words don't just connect sentences; they tell the reader how to think about the information.

🔍 The Power Move: "Contrast & Consequence"

Look at these specific transitions from the text. They are the "bridge" to professional English:

Consequently $\rightarrow$ (A2 equivalent: So)
- Example: "The group stole data. Consequently, users are now at risk."
- B2 Tip: Use this when one event is the direct, logical result of another. It sounds more formal and precise than "so."
On the other hand $\rightarrow$ (A2 equivalent: But)
- Example: "The company says it was an agreement. On the other hand, experts call it a ransom."
- B2 Tip: Use this to introduce a complete opposite perspective. It signals to the listener that you are comparing two different arguments.
Furthermore $\rightarrow$ (A2 equivalent: Also)
- Example: "The US House is questioning them. Furthermore, the parent company is facing lawsuits."
- B2 Tip: Use this to "stack" evidence. It adds weight to your argument, making your speech feel like a structured case rather than a random list.

🛠️ Quick Upgrade Table

A2 Word (Simple)	B2 Bridge (Professional)	Why use it?
So	Consequently / As a result	To show professional cause-and-effect.
But	However / On the other hand	To balance two opposing ideas.
Also	Furthermore / In addition	To build a stronger, more academic list.

Pro Insight: A B2 speaker doesn't just provide information; they provide a map of the logic using these words.

Vocabulary Learning

agreement

A formal arrangement or contract between parties.

Example:The two companies signed an agreement to share technology.

breach

An act of breaking or violating a rule, law, or security.

Example:The security breach exposed millions of customer records.

hacking

The illegal act of accessing computer systems or data.

Example:The hacking of the website caused a major outage.

unauthorized

Not officially approved or permitted.

Example:The unauthorized use of the software was reported.

activity

Something that is done or performed.

Example:The company monitored suspicious activity on its servers.

attack

An aggressive action against a person, system, or organization.

Example:The cyberattack targeted the company's database.

exploit

To take advantage of a weakness or flaw.

Example:Hackers exploited a software flaw to gain access.

weakness

A flaw or vulnerability that can be used against something.

Example:The system's weakness made it easy to hack.

verification

The process of checking something for accuracy or authenticity.

Example:Verification of the account was required before access.

stolen

Taken illegally or without permission.

Example:Stolen data was sold on the dark web.

terabytes

Units of digital information equal to one trillion bytes.

Example:The breach involved 3.5 terabytes of data.

usernames

Names used to identify users in a system.

Example:The list of usernames was leaked.

emails

Electronic messages sent over the internet.

Example:Emails were intercepted during the breach.

private

Intended for a specific person or group; not public.

Example:Private messages were also compromised.

messages

Communications sent between people or systems.

Example:The hackers accessed private messages.

sensitive

Requiring careful handling because it could be harmful if disclosed.

Example:Sensitive information must be protected.

passwords

Secret codes used to access accounts.

Example:Passwords were stored in plain text.

bank

A financial institution that handles money and accounts.

Example:Bank details were among the stolen data.

conflicting

Having contradictory or opposing views.

Example:There were conflicting reports about the incident.

situation

A set of circumstances or conditions.

Example:The situation became more complicated after the breach.

claim

To state something as true or to assert ownership.

Example:The company claimed the data was recovered.

proof

Evidence that something is true or has happened.

Example:Proof of the data's destruction was provided.

destroyed

Eliminated or ruined so that it cannot be used.

Example:The files were destroyed after verification.

cybersecurity

The practice of protecting computer systems and data from attacks.

Example:Cybersecurity experts advised a new policy.

experts

Specialists with deep knowledge in a field.

Example:Experts warned that paying could be risky.

ransom

Money demanded for the release of something that has been taken or locked.

Example:The ransom was set at $10 million.

payment

The act of giving money in exchange for goods or services.

Example:The payment was made under pressure.

mistake

An error or wrong action.

Example:Paying the ransom was a mistake.

target

A person, group, or thing that is aimed at or attacked.

Example:The company became a target for future attacks.

future

Time that will come after the present; something that has not yet happened.

Example:Future attacks could be even more damaging.