© 2026 Kansas City Public Radio

As Canvas hack disrupts schools across Missouri, experts worry about copycat attacks

St. Louis University was one of the schools targeted in the Canvas cyberattack.
Brian Munoz / St. Louis Public Radio

An online portal used by school districts and universities throughout the country was breached in a cyberattack Thursday. Cybersecurity experts say that while access has been restored, many questions remain.

Access to an online portal used by universities across the country, including schools in Missouri, has been restored following a cyberattack.

Instructure, the parent company behind course management portal Canvas, announced the hack Thursday. The portal provides course materials and notes used by students, teachers and professors. More than 8,000 schools use the portal. Instructure developers said Thursday evening that most of its services were back online.

ShinyHunters, a computer hacker network, published a ransom note claiming to have stolen data from Canvas users and threatening to publish it by May 12.

"I don't know whether it will happen or not, but also [whether] there is any negotiation, we don't know yet," University of Missouri Science and Technology professor Sejun Song said.

The group, which is primarily made up of teenagers and young adults from the US and the United Kingdom, also made headlines for hacking Ticketmaster in 2024.

Song said the hackers exploited vulnerabilities within the Canvas portal through the company's Free-for-Teacher accounts.

The University of Missouri-St. Louis said Friday morning that the software is back online. The university said it will monitor updates and assess any potential impact on operations.

A spokesperson for St. Louis University said it also will continue to monitor the situation. "The university communicated with students, faculty and staff during the disruption and focused on supporting teaching and learning as access was restored," a spokesperson for SLU said.

Song said the ransomware attack differs from other attacks because the hacker group did not encrypt its files; instead, it stole a large amount of data and threatened to publish it unless an agreement is reached.

The breach came at an inopportune time, when most universities are in the middle of final exams.

Song said he's also worried about potential copycat and sequel attacks.

ShinyHunters claims to have stolen the records of almost 300 million users. Instructure said there's no evidence that financial data, passwords or Social Security numbers were compromised.

Song suggested stronger security measures are needed to prevent future attacks, including utilizing Zero Trust Architecture, which requires authentication for everyone in the same network. He also recommends stronger API tools, which build and maintain connections between programs.

Song said he's paying attention to future attacks that involve artificial intelligence.

"What I'm really worrying about is the possibility of marrying with AI tools and then future exploitation," Song said. "Those things will break all the systems; those things are really worrisome."
Copyright 2026 St. Louis Public Radio

Chad Davis is a 2016 graduate of Truman State University where he studied Public Communication and English. At Truman State, Chad served as the executive producer of the on-campus news station, TMN Television. In 2017, Chad joined the St. Louis Public Radio team as the fourth Race and Culture Diversity Fellow. Chad is a native of St. Louis and is a huge hip-hop, R&B, and pop music fan. He also enjoys graphic design, pop culture, film, and comedy.