BC NEWS
UBC Issues Emergency Security Warning Following Global Canvas Cyberattack
UBC warns students to change passwords after a massive global Canvas cyberattack by ShinyHunters impacts 15,000 institutions and 275 million records.
Immediate Precautions for UBC Students
The University of British Columbia (UBC) has issued an urgent security warning to its student body and faculty following an apparent cyberattack targeting Canvas, the university’s primary learning management platform. In an official communication shared via social media and the university’s IT status page, officials confirmed that the platform is currently unavailable due to a significant breach involving Instructure, the third-party provider that operates Canvas. UBC community members have been explicitly instructed to refrain from logging into the service until further notice. For those who were already logged in during the time of the breach, the university is mandating an immediate logout and a comprehensive password reset of Campus-Wide Login (CWL) credentials.
A Massive Global Data Theft
While the local impact at UBC is currently being assessed, reports suggest that this incident is part of a much larger, global security crisis. Cyber-intelligence outlets, including TechCrunch and Hackread, have reported that a notorious threat actor known as ShinyHunters claims responsibility for the intrusion. The scale of the theft is staggering: approximately 3.65 terabytes of data involving 275 million records have allegedly been exfiltrated from Instructure’s systems. This breach is estimated to affect around 15,000 educational institutions worldwide, ranging from the University of Oxford and Cambridge in the UK to Harvard, Stanford, and Columbia in the United States.
The Sensitive Nature of Stolen Data
What makes this particular cyberattack especially concerning is the depth of the data involved. According to security researchers, the stolen records go beyond basic directory information. The breach reportedly includes billions of private messages exchanged between students and instructors, potentially exposing sensitive academic discussions, personal grievances, and confidential grading information. At UBC, the IT team is asking any students who logged into the system after 12:00 p.m. on the day of the attack to contact security@ubc.ca immediately. As the university works alongside global security experts to mitigate the fallout, students are encouraged to remain vigilant against phishing attempts and monitor their accounts for any unauthorized activity.