As of May 4, 2026, the global education sector is facing its largest security crisis to date. Instructure, the parent company of the widely used Canvas Learning Management System (LMS), has confirmed a significant cyberattack. The notorious extortion group ShinyHunters has claimed responsibility, alleging they have exfiltrated a staggering 3.65 Terabytes of data.
For millions of students and educators who rely on Canvas for their daily classes, assignments, and grades, the news is terrifying. The hackers claim the breach involves the personal records of approximately 275 million individuals across 9,000 institutions. This has led to a global surge in searches for "have i been pwned" as users scramble to secure their academic accounts.
What Data Was Stolen in the Canvas Hack?
While Instructure has stated that they found no evidence of financial data or passwords being compromised, the hackers claim otherwise. According to the leak site, the stolen data includes names, email addresses, student ID numbers, and internal user messages. This follows the pattern of the recent Follett Software Breach, proving that education tech is now the #1 target for 2026.
Even if passwords weren't directly taken, leaked emails and student IDs are the perfect ingredients for targeted phishing attacks. If you suddenly receive a "University" email asking for a login, you might already be pwned.
Is Your Academic Email Safe?
You shouldn't wait for your school to send an official notification. Hackers often sell this data on the dark web weeks before companies admit the full scale of the leak. Millions of users are now asking, "did i get pwned?" or searching for "am i pwned" to find answers.
Our database has been updated with the latest signatures from the Instructure incident. You can use our have i been pwned free scanner to check if your school or university email has appeared in this massive 3.65 TB dump.
How to Protect Your Student Account
- Verify Instantly: Run your email through our data breach checker to see if your info has surfaced online.
- Revoke API Keys: If you use third-party apps connected to Canvas, go to your settings and revoke active API tokens immediately.
- Watch for Phishing: Be extremely suspicious of any email or SMS regarding your Canvas account, especially if it asks you to "verify your identity."
Whether you're looking for a password leak checker or just want to stay informed about the latest 2026 breaches like Nike and CarGurus, we are here to help. Check your status now and don't let your academic future become a hacker's playground.