ASU Finals Chaos: Canvas Cyberattack by ShinyHunters Disrupts Thousands at Arizona State University | 17GEN4 News

ASU Finals Chaos: Canvas Cyberattack by ShinyHunters Disrupts Thousands at Arizona State University | 17GEN4 News

TEMPE, Ariz. — May 8, 2026 — A sophisticated cyberattack on the widely used Canvas learning management system has thrown finals week into chaos at Arizona State University and its preparatory schools across the Valley, leaving thousands of students unable to access exams, submit coursework or view grades for much of Thursday.

The disruption, which began Thursday afternoon during the critical closing days of the spring 2026 semester, stems from a breach at Instructure, the parent company of Canvas — not ASU’s own systems. Users attempting to log in were redirected to a security incident notification screen or a ransom note from the hacking group known as “ShinyHunters,” who claimed responsibility and demanded payment to avoid leaking data on millions of users worldwide.

ASU officials moved quickly to mitigate the impact. In a statement, the university confirmed the incident was isolated to the third-party platform and said it is actively assessing any potential data compromise while working with students and faculty on alternative solutions.

Latest developments as of Friday afternoon:

Canvas services have been restored for most users after Instructure placed the platform in temporary maintenance mode and brought it back online late Thursday. However, ASU has canceled all exams originally scheduled through Canvas for Friday, May 8, and Saturday, May 9. Instructors are expected to notify students individually about adjusted grading plans, extended deadlines or alternative assessment methods for the remainder of the semester.

The attack affected not only ASU but also ASU Prep schools, Northern Arizona University and other Arizona institutions such as Mohave College. It rippled across more than 8,000 schools and 30 million users globally, disrupting finals at universities from Penn State to UMass Amherst.

ShinyHunters reportedly accessed non-sensitive data including names, email addresses, student IDs and private messages, though Instructure has stated that passwords and financial information were not compromised in the latest incident. ASU’s Enterprise Technology team continues to monitor the situation and has directed the community to its dedicated Canvas Incident 2026 page for updates.

Students and professors have taken to social media expressing frustration mixed with dark humor, with some sharing memes about the timing and others pleading for grade leniency. One ASU professor told reporters she was in the middle of final preparations when the platform suddenly displayed the hackers’ message.

University leaders have emphasized that no ASU-managed systems were breached and have pledged to support impacted students as the semester wraps up. Final grades for the spring term are still due in the coming days, with accommodations expected to be communicated soon.ASU and Instructure have not released a full timeline for any potential data notifications, but both say the investigation is ongoing.

17GEN4.com