Was Canvas Hacked? A Cybersecurity Breakdown

Added: 2026-05-10

[00:00:00]Yo, what is up everybody? Welcome back.

[00:00:02]Sorry, I should probably start doing my intro a little slower, but um I'm sure you guys have recently seen that Canvas got hacked. Now, um right after I go grab my Gatorade, I'm going to explain to you guys how this hack works and if it's dangerous or not. Okay. So, um the first thing I want to check out is um actually what this is looking like here. Let me go ahead and uh All right. So, >> seems that every university that uses canvas is currently dealing with a ransomware attack. Shiny Hunters, the hacker group has breached instructure, which I guess makes canvas.

[00:00:44]>> I want to point something out that this looks this entire like UI.

[00:00:51]That's not what a hacker would make it look like. This is intentionally giving off the oh, I'm a spooky scary hacker.

[00:00:58]Uh, you see the the styling of my text, be scared. Um, this was 100% written by AI. Um, and this is from the looks of it, this is not at all a data breach.

[00:01:13]And uh, I'll go ahead and explain why after I see this.

[00:01:15]>> They're not only ransoming instructure, who they say has until May 12th to deal with those demands. They're also have just published the entire list of impacted schools on the ransom demands and are saying that if any of those schools would like to reach out to make sure that their data is not leaked, uh, they can negotiate with them as well.

[00:01:42]So, if you or anyone you know goes to a school that >> So, like I said, this is most likely an XSS injection. And you know what? I'm going to set up a little playground so I can show you guys actually what happens with an XSS injection like that specifically. And uh we're going to go ahead and recreate it. I'm going to show you guys um what is actually going on here. All right. So over here we have an example of how an XSS exploit actually works. So um here I wrote up a small little JSON database. Um you guys don't have to know what that means, but basically this means that when I post something, it saves on the server. Now, because of how uh because of how HTML works, when you post something with a script tag or anything similar to that inside a box like this, it saves to the database. And when you press submit, nothing's going to happen. But when you refresh, you will see a screen that comes up saying, "Hey, oh, you know, things have been breached." So, I'm going to go ahead and write up a mockup index file real quick, and I will show you guys exactly how this works. Uh because this is nothing special. This this kind of stuff happens all the time.

[00:02:50]So um I'm going to uh let's let's go ahead and just do uh pay me 2,000 or you 2,000 USD to prevent uh prevent data leak or whatever. So now we're going to go ahead and test it. So basically what's going to happen here is we're going to post a script. This is called the payload. And this is this is like I said, this is HTML with a script tag with a little bit of coding inside of here. Um, so we're going to go ahead and press submit. And there we go. Just like that, whenever we refresh, because of how this works, the page will load and it will load that post which has the XSS injection in it.

[00:03:34]So that was a small little example. This is basically what's happening on Canvas.

[00:03:39]It's nothing special. These people just want money. They don't have any data on you guys. because they don't have any they don't have any of that. There's no data breach. It is a simple XSS injection exploit that is allowing them to replace the um replace the canvas screen. I'm going to try to explain this in the best way I can instead of like a nerd. But they replace the canvas screen with this. So there's that. And um anyways, I hope you guys enjoyed. Um leave a comment if you understood kind of what I was saying. But uh anyways, I hope you guys enjoyed. I will see youall on the next one. Take care.