Canvas Company Makes Deal with Hackers (CEFR Compare)

May 13, 2026, 20:49

Canvas Company Makes Deal with Hackers

Introduction

Instructure is the company that runs Canvas. They made a deal with a group of hackers called ShinyHunters. The hackers stole data from 275 million people.

Main Body

The hackers stole names, emails, and messages. They used a weak part of the system to get inside. The company says passwords and money information are safe. Instructure says the hackers gave the data back. But some experts think the company paid the hackers a lot of money. These experts say paying hackers is a bad idea. Now, the US government is asking the company many questions. Some people are also suing the company in court. Australia says companies should not pay hackers.

Conclusion

Canvas is working again. But users must be careful. Hackers might try to trick them with fake emails.

Learning

⚡ THE 'ACTION' PATTERN

In this story, we see how to describe people doing things to others. This is a key part of A2 English: Who $\rightarrow$ Did what $\rightarrow$ To whom.

1. The Simple Flow Look at these examples from the text:

Hackers $\rightarrow$ stole $\rightarrow$ data
Company $\rightarrow$ paid $\rightarrow$ hackers
Government $\rightarrow$ is asking $\rightarrow$ questions

2. Word Swap (The 'Money' Words) Notice how the text talks about value. You can use these basic patterns to build your own sentences:

Paid (gave money for something) $\rightarrow$ The company paid the hackers.
Safe (no danger) $\rightarrow$ Money information is safe.

3. Warning Words When something is dangerous, we use these simple A2 words found in the text:

Weak (not strong) $\rightarrow$ A weak part of the system.
Fake (not real) $\rightarrow$ Fake emails.
Careful (be alert) $\rightarrow$ Users must be careful.

Vocabulary Learning

company (n.)

An organization that sells goods or services.

Example:She works for a small company that makes toys.

deal (n.)

An agreement between two parties.

Example:They made a deal to share the profits.

hackers (n.)

People who break into computer systems.

Example:Hackers stole the company's secret files.

data (n.)

Information that can be stored or processed.

Example:The company protects its data from theft.

names (n.)

The words used to identify people.

Example:She wrote down the names of her friends.

emails (n.)

Messages sent by electronic mail.

Example:He checked his emails every morning.

messages (n.)

Communications sent from one person to another.

Example:She sent a message to her teacher.

system (n.)

A set of connected parts that work together.

Example:The computer system is very fast.

inside (prep.)

Within the interior of something.

Example:He looked inside the box.

passwords (n.)

Secret words that let you enter a computer.

Example:She forgot her passwords and had to reset them.

money (n.)

Currency used to buy goods or services.

Example:He saved his money for a vacation.

information (n.)

Facts or knowledge about something.

Example:The book provides useful information.

safe (adj.)

Not dangerous; protected.

Example:The bank keeps money safe.

experts (n.)

People who know a lot about something.

Example:Experts say the plan will work.

bad (adj.)

Not good; harmful.

Example:It was a bad idea to ignore the warning.

idea (n.)

A thought or plan.

Example:She had a good idea for the project.

government (n.)

The group that runs a country.

Example:The government announced new rules.

questions (n.)

Things you ask to get information.

Example:He answered all the questions.

people (n.)

Human beings.

Example:People enjoy outdoor activities.

court (n.)

A place where legal cases are heard.

Example:The case went to court.

Instructure Reaches Agreement with ShinyHunters After Global Canvas Data Breach

Introduction

Instructure, the company that runs the Canvas learning system, has reached an agreement with a hacking group called ShinyHunters. This follows a major data breach that affected about 275 million users across 9,000 educational institutions worldwide.

Main Body

The security breach began with unauthorized activity on April 29, followed by another attack on May 7. The hackers exploited a weakness in the 'Free-for-Teacher' program, which allowed people to create accounts without official verification. Consequently, the group stole between 3.5 and 3.65 terabytes of data, including usernames, emails, and private messages. However, Instructure emphasized that sensitive information, such as passwords and bank details, remained safe. There are conflicting views on how the company handled the situation. Instructure claims the agreement ensured the return of the stolen data and provided proof that the files were destroyed. On the other hand, cybersecurity experts suggest that this 'agreement' was actually a ransom payment, possibly worth millions of dollars. These experts assert that paying cybercriminals is a mistake because it may make the company a target for future attacks. As a result, the company is now facing serious legal and political pressure. The US House Committee on Homeland Security has requested a formal meeting to question Instructure's ability to respond to such crises. Furthermore, the parent company, KKR, is facing several class-action lawsuits in US courts. In Australia, government agencies have criticized the decision to pay, arguing that there is no guarantee that hackers will actually delete the data.

Conclusion

Canvas has returned to full operation, but users are warned to be careful of phishing scams while legal investigations continue.

Learning

⚡ The "Logic Jump": Moving from A2 to B2

At the A2 level, you likely use simple connectors like and, but, and because. To reach B2, you need to use Advanced Logical Transitions. These words don't just connect sentences; they tell the reader how to think about the information.

🔍 The Power Move: "Contrast & Consequence"

Look at these specific transitions from the text. They are the "bridge" to professional English:

Consequently $\rightarrow$ (A2 equivalent: So)
- Example: "The group stole data. Consequently, users are now at risk."
- B2 Tip: Use this when one event is the direct, logical result of another. It sounds more formal and precise than "so."
On the other hand $\rightarrow$ (A2 equivalent: But)
- Example: "The company says it was an agreement. On the other hand, experts call it a ransom."
- B2 Tip: Use this to introduce a complete opposite perspective. It signals to the listener that you are comparing two different arguments.
Furthermore $\rightarrow$ (A2 equivalent: Also)
- Example: "The US House is questioning them. Furthermore, the parent company is facing lawsuits."
- B2 Tip: Use this to "stack" evidence. It adds weight to your argument, making your speech feel like a structured case rather than a random list.

🛠️ Quick Upgrade Table

A2 Word (Simple)	B2 Bridge (Professional)	Why use it?
So	Consequently / As a result	To show professional cause-and-effect.
But	However / On the other hand	To balance two opposing ideas.
Also	Furthermore / In addition	To build a stronger, more academic list.

Pro Insight: A B2 speaker doesn't just provide information; they provide a map of the logic using these words.

Vocabulary Learning

agreement

A formal arrangement or contract between parties.

Example:The two companies signed an agreement to share technology.

breach

An act of breaking or violating a rule, law, or security.

Example:The security breach exposed millions of customer records.

hacking

The illegal act of accessing computer systems or data.

Example:The hacking of the website caused a major outage.

unauthorized

Not officially approved or permitted.

Example:The unauthorized use of the software was reported.

activity

Something that is done or performed.

Example:The company monitored suspicious activity on its servers.

attack

An aggressive action against a person, system, or organization.

Example:The cyberattack targeted the company's database.

exploit

To take advantage of a weakness or flaw.

Example:Hackers exploited a software flaw to gain access.

weakness

A flaw or vulnerability that can be used against something.

Example:The system's weakness made it easy to hack.

verification

The process of checking something for accuracy or authenticity.

Example:Verification of the account was required before access.

stolen

Taken illegally or without permission.

Example:Stolen data was sold on the dark web.

terabytes

Units of digital information equal to one trillion bytes.

Example:The breach involved 3.5 terabytes of data.

usernames

Names used to identify users in a system.

Example:The list of usernames was leaked.

emails

Electronic messages sent over the internet.

Example:Emails were intercepted during the breach.

private

Intended for a specific person or group; not public.

Example:Private messages were also compromised.

messages

Communications sent between people or systems.

Example:The hackers accessed private messages.

sensitive

Requiring careful handling because it could be harmful if disclosed.

Example:Sensitive information must be protected.

passwords

Secret codes used to access accounts.

Example:Passwords were stored in plain text.

bank

A financial institution that handles money and accounts.

Example:Bank details were among the stolen data.

conflicting

Having contradictory or opposing views.

Example:There were conflicting reports about the incident.

situation

A set of circumstances or conditions.

Example:The situation became more complicated after the breach.

claim

To state something as true or to assert ownership.

Example:The company claimed the data was recovered.

proof

Evidence that something is true or has happened.

Example:Proof of the data's destruction was provided.

destroyed

Eliminated or ruined so that it cannot be used.

Example:The files were destroyed after verification.

cybersecurity

The practice of protecting computer systems and data from attacks.

Example:Cybersecurity experts advised a new policy.

experts

Specialists with deep knowledge in a field.

Example:Experts warned that paying could be risky.

ransom

Money demanded for the release of something that has been taken or locked.

Example:The ransom was set at $10 million.

payment

The act of giving money in exchange for goods or services.

Example:The payment was made under pressure.

mistake

An error or wrong action.

Example:Paying the ransom was a mistake.

target

A person, group, or thing that is aimed at or attacked.

Example:The company became a target for future attacks.

future

Time that will come after the present; something that has not yet happened.

Example:Future attacks could be even more damaging.

Instructure Negotiates Settlement with ShinyHunters Following Global Canvas Data Breach

Introduction

Instructure, the operator of the Canvas learning management system, has concluded an agreement with the cybercriminal entity ShinyHunters to resolve a massive data exfiltration event affecting approximately 275 million users across 9,000 educational institutions.

Main Body

The security compromise commenced with unauthorized activity detected on April 29, followed by a secondary intrusion on May 7. The threat actor, identified as ShinyHunters, exploited a vulnerability within the 'Free-for-Teacher' program, which permitted account creation without institutional verification. This breach resulted in the exfiltration of approximately 3.5 to 3.65 terabytes of data, comprising usernames, email addresses, enrollment details, and private communications. Instructure maintains that sensitive credentials, such as passwords and financial identifiers, remained secure. Stakeholder positioning reveals a significant divergence regarding the resolution of the crisis. Instructure reports that the agreement ensured the return of stolen data and the provision of 'shred logs' as digital verification of data destruction. However, cybersecurity analysts and former government officials suggest that the terminology 'reached an agreement' is a euphemism for a ransom payment, with estimates placing the sum in the high single-digit millions of US dollars. Experts contend that such a rapprochement with cybercriminals is counterproductive, asserting that it may categorize the organization as a preferred target for future extortion—a phenomenon described as the 'sucker list.' Institutional and legal repercussions have materialized rapidly. The US House Committee on Homeland Security has requested a formal briefing from Instructure's leadership, with Chairman Andrew Garbinbo questioning the company's incident response capabilities. Concurrently, the parent company, KKR, is facing multiple class-action lawsuits in US federal court alleging systemic failures in platform protection. In Australia, government agencies have reiterated their opposition to ransom payments, citing the lack of guarantee regarding data recovery and the potential reinforcement of criminal business models.

Conclusion

Canvas has resumed full operations, though users remain cautioned against increased phishing risks while regulatory and legal inquiries continue.

Learning

The Nuance of Strategic Euphemism & Corporate Lexis

To bridge the gap from B2 to C2, a student must move beyond meaning and enter the realm of connotation and strategic ambiguity. The provided text is a masterclass in Corporate Sanitization—the act of using high-register, Latinate vocabulary to mask unpleasant realities.

◈ The 'Euphemism Pivot'

Observe the phrase: "concluded an agreement" and "reached an agreement."

At a B2 level, a student sees "agreement" as a positive resolution. At C2, we recognize this as a semantic shield. The text explicitly contrasts this with the analysts' interpretation: a "ransom payment."

C2 Insight: Notice the shift from Agentic Verbs (paying, giving) to State-based Nouns (agreement, resolution). By framing the event as an "agreement," the organization attempts to shift the narrative from victimhood/extortion to negotiation/diplomacy.

◈ Lexical Precision: The 'High-Register' Anchor

Certain terms in the text serve as markers of academic and professional sophistication. Mastering these allows a writer to maintain a detached, authoritative tone:

Rapprochement /ˌræprəˈʃɒnmɒ̃/
- Context: "...such a rapprochement with cybercriminals..."
- C2 Analysis: Borrowed from French, this term typically describes the re-establishment of cordial relations between nations. Using it here is slightly ironic (or sardonic), as it applies a high-diplomacy term to a criminal transaction, highlighting the absurdity of the situation.
Divergence /daɪˈvɜːrdʒəns/
- Context: "...a significant divergence regarding the resolution..."
- C2 Analysis: Where a B2 student would use "difference," the C2 writer uses "divergence" to imply a widening gap in perspectives or a splitting of paths, adding a geometric quality to the disagreement.

◈ Sophisticated Collocations for Systemic Analysis

Note the grouping of adjectives and nouns that create a 'dense' academic texture:

Systemic failures $\rightarrow$ Not just 'big mistakes,' but flaws inherent to the entire structure.
Materialized rapidly $\rightarrow$ Instead of 'happened quickly,' suggesting a physical manifestation of a threat.
Institutional verification $\rightarrow$ A formalization of the concept of 'checking who someone is.'

C2 Takeaway: Mastery is not about the rarest word, but about the intentionality of register. The ability to recognize when a writer is using "sophisticated" language to obscure a truth is the hallmark of a C2 reader; the ability to deploy it to manage a narrative is the hallmark of a C2 writer.

Vocabulary Learning

exfiltration (n.)

The unauthorized removal or extraction of data from a system.

Example:The exfiltration of 3.5 terabytes of student records sparked an immediate investigation.

compromise (n.)

A breach that allows unauthorized access to a system or data.

Example:The security compromise began with a subtle intrusion that went unnoticed for days.

intrusion (n.)

An unauthorized entry into a system or network.

Example:The second intrusion on May 7 was detected by the system’s anomaly alerts.

vulnerability (n.)

A weakness in a system that can be exploited by attackers.

Example:The attackers exploited a vulnerability in the Free-for-Teacher program.

verification (n.)

The process of confirming the authenticity or validity of something.

Example:Shred logs serve as digital verification that the data was destroyed.

credentials (n.)

Information such as usernames and passwords used to authenticate a user.

Example:Sensitive credentials like passwords remained secure after the breach.

divergence (n.)

A difference or departure in opinion or position.

Example:Stakeholder positioning revealed a significant divergence over how to resolve the crisis.

rapprochement (n.)

An attempt to restore friendly relations after a period of conflict.

Example:Experts warned that a rapprochement with cybercriminals could be counterproductive.

counterproductive (adj.)

Having an adverse or harmful effect, contrary to the intended goal.

Example:Paying a ransom may be counterproductive, encouraging future attacks.

phenomenon (n.)

A remarkable or unusual event or circumstance.

Example:The 'sucker list' phenomenon describes institutions targeted for extortion.

sucker list (n.)

A catalog of organizations deemed attractive targets for cybercriminals.

Example:Being on the sucker list increases a company's risk of being targeted again.

repercussions (n.)

Consequences or effects that follow an action or event.

Example:Institutional and legal repercussions materialized rapidly after the breach.

class-action (n.)

A lawsuit filed by a group of people with similar claims against a defendant.

Example:KKR faces multiple class-action lawsuits alleging systemic platform failures.

reinforcement (n.)

The act of strengthening or supporting something, often used in a negative sense when encouraging undesirable behavior.

Example:Ransom payments may reinforce criminal business models.

phishing (n.)

A cyberattack that tricks individuals into revealing sensitive information via deceptive communications.

Example:Users are cautioned against increased phishing risks following the breach.

inquiry (n.)

A formal investigation or request for information.

Example:The US House Committee on Homeland Security requested a briefing as part of its inquiry.

euphemism (n.)

A mild or indirect word or expression substituted for one considered too harsh or blunt.

Example:The term 'reached an agreement' is a euphemism for a ransom payment.

ransom (n.)

Money demanded or paid for the release of something that has been taken or threatened to be taken.

Example:The ransom demanded was estimated in the high single-digit millions of dollars.

extortion (n.)

The act of obtaining something through force, threats, or intimidation.

Example:The cybercriminals threatened extortion if the ransom was not paid.

incident (n.)

An event or occurrence, especially one that is undesirable or unexpected.

Example:The incident prompted an immediate response from the security team.

response (n.)

A reaction or answer to a particular situation or stimulus.

Example:The company’s incident response capabilities were scrutinized by lawmakers.

platform (n.)

A software framework or service that supports applications or data.

Example:KKR’s platform protection was alleged to have systemic failures.

protection (n.)

The act of keeping something safe from harm or danger.

Example:The breach exposed weaknesses in the platform’s protection mechanisms.

recovery (n.)

The process of restoring data or systems after loss or damage.

Example:There is no guarantee regarding data recovery after a ransom is paid.

guarantee (n.)

A formal assurance or promise that something will be performed or achieved.

Example:The government agencies cited the lack of guarantee for data recovery.