Canvas Outage Disrupts San Jose State Students

Canvas is the place where a lot of college life actually happens now — assignments, grades, study guides, class messages, exam reviews. So when it went down across San Jose State and other Bay Area campuses this week, the problem was not just “the website is broken.” It landed right before finals, when students needed course materials most. The bigger shift is that this was not a random outage. It followed a confirmed security incident at Instructure, the company behind Canvas. (status.instructure.com) ### What broke at San Jose State? San Jose State was one of several schools hit when Canvas access was disrupted after the breach. Students suddenly could not reliably get to assignments, grades, discussion boards, or study materials. NBC Bay Area’s reporting from campus captured the timing problem clearly — projects were due, finals were starting next week, and some review materials were only available inside Canvas. (nbcbayar([status.instructure.com)-students-bay-area/4081456/)) ### Who was behind it? A hacking group called ShinyHunters claimed responsibility. KQED reported that the group said it had taken data from Instructure and was demanding a ransom to stop the release of that information. The same report said the group claimed the breach could affect nearly 9,000 schools worldwide and involve data tied to 275 million individuals. That number is the hackers’ claim, not a final audited count — but it shows why campuses reacted fast. (kqed.org) ### What data may be exposed? At San Jose State, the warning to students and faculty was pretty specific. The school said cybercriminals might have access to names, email addresses, student ID numbers, and user messages. That is not the same thing as passwords or bank details. CSU officials said Instructure told them there was no evidence that passwords, S(kqed.org)atters, because it is perfect fuel for impersonation scams. (nbcbayarea.com) ### Why did schools take Canvas offline? Because a live platform during a security incident can become part of the problem. The University of California system said Canvas access would not be restored until it was confident the system was secure. Instructure’s own status page shows a weird sequence that makes the situation feel confusing from the outside — on May 6 it said the security inci(nbcbayarea.com)efore bringing service back for most users later that night. Basically, schools were choosing caution over convenience. (status.instructure.com) ### Why are professors extending deadlines? Because Canvas is not just a digital filing cabinet. It is the class. If a student cannot open the study guide, submit the assignment, or even see what changed in the course shell, normal deadlines stop making sense. NBC Bay Area quoted San Jose State engineering professor Ahmed Banafa saying he had already given extensions. That is the practical campus-level response while the platform and the breach details are still unsettled. (nbcbayarea.com) ### Why is phishing the next problem? Because stolen school data lets scammers sound believable. A fake email that knows your name, school, professor, or student ID context is much more convincing than a generic spam blast. Banafa warned that attackers could pose as IT, professors, or the university and try to get people to click links or hand over more information. That is the catch with i(nbcbayarea.com)st longer. (nbcbayarea.com) ### So what changed by the end of the day? Instructure said Canvas was available for most users again by the night of May 7, though Beta and Test stayed in maintenance. But “available” is not the same as fully resolved for every campus, and Instructure also said it would keep communicating directly with impacted customers about organization-specific fallout. In other words, the login page may come back before the trust problem does. (status.instructure.com) ### Bottom line San Jose State students got a sharp reminder that when one learning platform becomes essential infrastructure, one vendor breach can scramble finals week for thousands of people at once. The immediate problem is access. The lingering one is whether the stolen data turns into the next wave of phishing and campus confusion. (kqed.org)