There are indications that user data from the online learning platform Canvas has been compromised. Canvas is used by many schools, colleges and universities, including in Belgium. The hacker group ShinyHunters claims to have stolen data from a large number of users worldwide.
The Centre for Cybersecurity Belgium (CCB) is monitoring the situation and will contact the Belgian schools affected.
What has happened?
The US company Instructure, the creator of Canvas, confirmed a cybersecurity incident on 1 May 2026. According to Instructure, names, email addresses, student numbers and messages between users may have been compromised. The company reports that there are currently no indications that passwords, dates of birth, official identity numbers or financial data are involved.
The hacker group ShinyHunters claims responsibility and asserts that the data involves 275 million users and thousands of educational institutions worldwide. These figures are claims made by the hackers and have not been independently verified.
Who are ShinyHunters?
ShinyHunters is a criminal hacking group known for data theft and extortion. The group steals data from organisations and threatens to publish or sell it if a ransom is not paid.
In Belgium, the name ShinyHunters previously came to light in connection with the data breach at the Dutch telecoms provider Odido. According to reports, data belonging to Belgian citizens was also involved in that incident.
What is the CCB doing?
The Centre for Cybersecurity Belgium is monitoring the situation. The CCB will contact Belgian educational institutions that may have been affected. The institutions themselves remain the first point of contact for their students regarding the specific impact on their data.
What should affected students look out for?
If your details, such as your name, email address, student number or messages, have been compromised, criminals can use that information to create convincing phishing messages. You should therefore be extra vigilant about messages purporting to come from your school, Canvas, a lecturer, student administration or another official service.
Pay particular attention to:
1. Messages that appear urgent
Be wary of emails or text messages stating that you must log in immediately, ‘reactivate’ your account or make a payment quickly.
2. Links to fake login pages
Do not simply click on links in messages. Go to your school’s or Canvas’s official website or app yourself.
3. Requests for your password or codes
A school, teacher or helpdesk will never ask you to send your password or two-step verification code.
4. Messages that use personal information
Phishing can seem more credible if criminals know your name, school, course or student number. Even a message containing correct personal details can be fake.
5. Attachments or downloads
Do not open unexpected attachments, especially if the message is urgent or feels unusual.
What can you do now?
- Follow your school’s official communications.
- Change your password if your school asks you to, or if you use the same password elsewhere.
- Use a unique password for Canvas and your school account.
- Enable two-step verification where possible.
- Do not click on suspicious links.
- Forward suspicious messages to suspicious@safeonweb.be and then delete them.
Have you entered your password on a suspicious website? Change it immediately and notify your school’s IT department.
