May 14, 2026
Finals week meets ransom roulette
Deal reached with hackers to delete data stolen from the Canvas platform
Canvas says the hackers deleted student data — and commenters are absolutely not buying it
TLDR: Canvas says it made a deal with hackers to return and delete stolen student data, but admits it cannot be certain the files are truly gone. Online reaction was brutal, with many calling the move reckless theater and saying the company is trusting criminals while students pay the price.
The official story is wild enough: Canvas, the online classroom system many schools use for grades, assignments, and finals, says it reached a deal with the hackers who stole data and got back the files plus so-called "digital confirmation" they were destroyed. The problem? Even the company admits there is no guaranteed way to know the data is really gone. And that tiny detail is exactly why the comment section went full scorched-earth.
The loudest reaction was pure disbelief. Commenters basically heard, "Don’t worry, the criminals promised", and responded with a collective scream. One camp called the move stupid, illegal, and even compared it to rewarding bad behavior. Another said this feels less like protecting students and more like a company trying to protect itself after locking people out of a platform they depend on for classwork and finals. The hottest take? That paying hackers to "delete" data is like paying a burglar to forget your address.
And yes, the jokes wrote themselves. The phrase "shred logs" got the kind of reaction usually reserved for a bad reality TV excuse: people mocked the idea of cybercriminals handing over a neat little receipt for destruction. Beneath the snark, though, the anger is real. Students had names, email addresses, ID numbers, and messages exposed, and commenters are asking the painfully obvious question: if you can’t prove the data is gone, what exactly was this deal for?
Key Points
- •Instructure said it reached an agreement with the actor behind the Canvas cyberattack and that the stolen data was returned.
- •The company said it received digital "shred logs" indicating remaining copies of the data were destroyed, while acknowledging there is no way to be fully certain.
- •ShinyHunters claimed responsibility for the breach and threatened to leak data involving nearly 9,000 schools and 275 million individuals.
- •The exposed data appeared to include student ID numbers, email addresses, names, and messages, while Instructure said there was no evidence that passwords or financial information were compromised.
- •Canvas was temporarily taken offline during the investigation, disrupting access for students and faculty who use the platform for grades, materials, assignments, messaging, and some exams.