Agent Thirty-two

@sexyishaan You pay money to post this shit?

DO NOT LOG INTO CANVAS

@jennfrey You never went to college.

We never needed blackboard or canva. And we could just stop using them and everything would be fine.

@alexabelonix What the fuck is this shit?

Your MVP should prove that someone cares. Not that you can build a beautiful dashboard. Not that you can add 10 integrations. Not that you can spend 3 weeks polishing onboarding. If the pain is strong, people tolerate ugly. Watch the video — is your MVP solving pain or just looking cute?

@hamburger317 It's actually pretty cheap compared to what it could be.

Education is too expensive for shit like this to happen Unexcusable

@RachelTobac Rachel knows... Almost nothing.

Apparently nerds + folks claiming to know how Canvas was breached are saying that they got in via “Vishing” (phone call phishing). This is a main way that ShinyHunters (and folks who emulate them) attack, they call to steal credentials & codes. Curious to see what gets confirmed.

@seritur @ProfBarryLam You just now realized this?

@ProfBarryLam Some of those higher-ups you mentioned got the warning mgs earlier this week from Instructure, and what did they do? Slept on it until yesterday 4PM instead of urging faculty to make copies of their course materials on their desktop. I kid you not!

Canvas, every cybercrime consultant company that took Uni $, every provost making instructors sit thru “phishing” training, should be made to pay every student’s identity theft insurance, as well as compensate student and faculty for their extra time having to navigate this bs.

Canvas hack It's not over. Not even close. Next week.

@lbk_enjoyer Classes before noon? You'll never make it.

Fuck you dude

@xravedogx I like how you have to announce your title. I've never seen this from real experts.

Cybersecurity expert here! This is bad.

@TeamTwiizers Nope. I promise you they didn't pay.

UPDATE: Canvas was taken off the ShinyHunters extortion page. Did Canvas pay?

Canvas hack Testing.

Canvas hack "All guns poolside."

@jaweedkaleem It's started weeks ago, you're late pal.

A major Canvas outage hit colleges across California today right as students are preparing for finals. At one point, users logging in were met with a ransom message. Universities are now scrambling to find workarounds. Here’s what we know so far: latimes.com/california/sto…

#Canvas hack "We're not going to pay the money because it's in crypto." Stayed tuned. This is much worse than what people are talking about, the ransom will not be paid.

@librarythingtim What data did they get actually?

This Canvas hack is BAD. Harvard, Stanford, MIT, Oxford, Princeton, Columbia, Cornell, Berkeley, Georgetown, UCLA, Ohio, Mississippi, Maryland, Wisconsin, Illinois… a jillion high schools. Bad.

@ABC7 I told you...a few days ago.

#BREAKINGNEWS: Universities and schools across the country, including several in Southern California, have been impacted by a massive cybersecurity breach involving education software Canvas. Several schools, including UCLA, Glendale Community College, California State University, San Bernardino, and Compton College, have been impacted. Eyewitness News is working to learn more. abc7.la/rrincb

@InternetH0F The fun hasn't even started yet.

Canvas' parent company Instructure has been hacked, and the site is being held for ransom after suffering a data breach Over 9000+ schools have reportedly been affected and ~225 million users worldwide had their personal information potentially compromised

@CAgovernor Snitches get stitches.

I'm offering $50,000 rewards to anyone providing information that helps crack unsolved crimes in California. If you know something, it is your duty to come forward to give victims and their loved ones justice. Every case matters, every victim matters, and California is determined to secure accountability.

hacking canva during finals season

@DailyDarkWeb Check my timeline... It's going to get worse.

🚨 A threat actor group is claiming responsibility for a large-scale alleged breach involving Instructure Holdings, Inc., the company behind the Canvas LMS platform widely used by educational institutions globally. According to the claims posted on a ransomware/extortion leak site, the alleged breach impacts: • nearly 9,000 schools worldwide • approximately 275 million individuals • students, teachers, and school staff • billions of private messages and conversations • additional Salesforce-related data The actors claim the exposed data may include: • personally identifiable information (PII) • private communications between students and teachers • internal educational records • school-related operational data The group is also threatening to publish: • a list of allegedly affected schools • additional leaked data if negotiations fail The post references: • “Pay or Leak” extortion demands • a claimed dataset size of 3.65TB+ uncompressed • a negotiation deadline of May 7, 2026 ⚠️ At this stage, these claims remain unverified. If authentic, a breach affecting an LMS ecosystem at this scale could have significant implications because educational platforms often centralize: • student communications • assignment submissions • academic records • internal staff messaging • authentication systems • parent/student contact data Potential risks could include: • identity theft • phishing targeting schools and parents • credential reuse attacks • extortion campaigns • student privacy violations • exposure of sensitive educational or disciplinary information The mention of “billions of private messages” is particularly notable, as educational communication systems frequently contain: • counseling discussions • disciplinary communications • personal conversations • academic integrity investigations • sensitive student-related exchanges However, ransomware and extortion groups are also known to: • exaggerate victim counts • inflate data volumes • recycle previously leaked material • use psychological pressure tactics during negotiations At the moment: • no independent verification has confirmed the scale of the claims • the authenticity of the alleged dataset remains unknown • official statements may still be pending Given Canvas LMS’s widespread global adoption across schools and universities, the cybersecurity community will likely monitor this claim closely over the coming days. Status: Unverified extortion and breach claim #CyberSecurity #Education #Canvas #Instructure #DataBreach #ThreatIntelligence #DarkWeb #Privacy #Ransomware #DDW #Intelligence