Graham BallantyneMay 10
Zack Whittaker

Edtech giant Instructure was hacked (twice) — and finally put up a security incident page after the mass-defacement of Canvas school login pages.

But you might not find the page because right now it has a "noindex" tag in the page's HTML code, which prevents it from being listed in search results.

The page is here, FYI: https://www.instructure.com/incident_update

Security Incident Update & FAQs

Instructure
May 9 at 10:16pmWeb
Show threadThomas StrömbergMay 9
@zackwhittaker My favorite part is that several school districts migrated from PowerSchool to Canvas because the former* was hacked.
Show threadHugs4friends ♾🇺🇦 🇵🇸😷May 10
@thomrstrom Former was hacked @[email protected]
Show threadNatTheCatMay 9
@zackwhittaker smells fishy....
Show threadgrey May 9
@zackwhittaker They were hacked 3 times. Once in Sept 2025, Once around April 30th, and again May 7th.
Show threadDianeMay 9

@zackwhittaker

Did they mean to tag it no content?

That was a lot of meaningless corporate BS

Show threadBob K Mertz May 9
@zackwhittaker
I like the misleading FAQ about data being taken and the answer narrows the scope drastically in hopes you didn't catch what they did
Show threadBenjaminMay 10

@zackwhittaker Have already had schools reaching out to say, "But no financial information was accessed," when, at least where I am, we've never entered any financial information into Canvas.

I'm more concerned about all the other back-end personal data loaded into Canvas from elsewhere that can't be changed with a phonecall to a bank.