Canvas-Hack
Dieses Biblionetz-Objekt existiert erst seit Mai 2026.
Es ist deshalb gut möglich, dass viele der eigentlich vorhandenen Vernetzungen zu älteren Biblionetz-Objekten bisher nicht erstellt wurden.
Somit kann es sein, dass diese Seite sehr lückenhaft ist.
Definitionen
On April 29, we detected unauthorized activity in Canvas by Instructure. This activity was carried out by a cybercriminal organization known for large-scale attacks across multiple sectors, including technology and education. In response, we promptly revoked the unauthorized party’s access, started an investigation, and engaged outside forensic experts.
Before we revoked their access, we know the actors responsible for this incident took data from the Canvas platform. We believe the information involved included information like usernames, email addresses, course names, enrollment information and messages. To date, our investigation has not identifi ed core learning data (course content, submissions, credentials) as involved. None of the data fi elds we understand to be impacted are intended to include information like passwords, dates of birth, healthcare information, social security numbers, fi nancial information, student grades or disciplinary records.
On May 7, 2026, the same threat actor gained additional access through a second Canvas vulnerability. The unauthorized actor made changes to the pages that appeared when some students and teachers were logged in through Canvas. Due to monitoring implemented after the fi rst attack, Instructure detected and disabled the second attack approximately 10 minutes after it began. No additional data was accessed or exfi ltrated in this second attack, but we chose to put Canvas into maintenance mode until we could verify both the scope of the attack and that the attackers’ access was fully closed.
As of May 9, 2026, Canvas is fully back online and available for use. We have since confi rmed that the unauthorized actor carried out this activity in both instances using one of our Free-For-Teacher accounts. We temporarily disabled Free for Teacher while we complete a full security review. We know that many educators rely on Free-For-Teacher, and so we are working on solutions that will allow us to bring it back online without exposing the rest of the Canvas community to undue risk.
Bemerkungen
Zitationsgraph
2 Erwähnungen 
- The Canvas Hack Confirmed Some Professors’ Fears. It Likely Won’t Change Anything. (Emmy Martin) (2026)

- Canvas Incident Fact Sheet (Canvas Instructure) (2026)



Biblionetz-History