Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: education (4 articles)Clear

ShinyHunters leaks Moody Bible Institute data on 2.3 million students and donors

The extortion group ShinyHunters has published data stolen from Moody Bible Institute, a Chicago-based Christian college, after a "pay or leak" campaign. Have I Been Pwned indexed more than 2.3 million unique email addresses along with names, physical addresses, phone numbers, and dates of birth belonging to students, alumni, donors, and supporters. ShinyHunters claimed a much larger haul spanning enrollment, donor, payroll, and communications systems, and some reporting ties the intrusion to the same ShinyHunters campaign that exploited an Oracle PeopleSoft flaw. Most of the leaked email addresses had already appeared in earlier breaches, raising the risk of credential stuffing and targeted phishing.

Check
People connected to Moody Bible Institute as students, alumni, donors, or staff should watch for a notification, be alert to phishing referencing the school, and check Have I Been Pwned.
Affected
Students, alumni, donors, and supporters of Moody Bible Institute whose contact details and dates of birth were exposed (over 2.3 million emails); the data supports credential stuffing and convincing phishing.
Fix
Affected people should reset any reused passwords, enable multi-factor authentication, and treat school-themed messages with caution. Organizations should secure SaaS and HR platforms, enforce MFA, and harden against social-engineering-driven data theft.

K-12 platform Infinite Campus breach confirmed, 137,000 student-linked accounts

Have I Been Pwned has confirmed 137,123 accounts exposed in a breach of Infinite Campus, a widely used K-12 student information system in the US. The extortion group ShinyHunters claimed the attack back in March, posting that it had stolen personal data and internal corporate information. Because student information systems hold sensitive records on minors and their families, exposed data raises the risk of identity theft and highly targeted phishing aimed at parents, students, and school staff. The incident fits the same ShinyHunters data-theft pattern seen across the education sector this year, including the much larger Canvas breach.

Check
School districts using Infinite Campus should confirm whether their tenant was affected and notify families; individuals should watch for phishing or fraud referencing schools, student accounts, or enrollment.
Affected
Students, parents, and school staff whose data is held in affected Infinite Campus deployments (137,123 accounts confirmed); minors' records carry long-term identity-theft risk.
Fix
Reset exposed credentials, enable MFA on school and family accounts, and brief parents and staff to verify any school-related message before clicking. Districts should review SaaS access controls and export limits.

Instructure paid ShinyHunters' ransom to stop the 3.65TB Canvas data leak, and the US Congress launched an inquiry the same day

Update on the Canvas breach covered May 4, 8, and 12: Instructure paid an undisclosed ransom to ShinyHunters on Tuesday to stop publication of the 3.65 TB dataset covering 8,809 educational organizations and 275 million students and staff. Hours later, the US House Education Committee launched a formal inquiry requesting testimony from Instructure leadership about the breach and the decision to pay. This is the largest known education-sector ransom payment. The FBI's 'don't pay' guidance now collides with Congressional scrutiny of the payment decision.

Check
Contact Instructure for written confirmation your school's data is off the leak schedule. Check Canvas API logs for bulk exports between February and April.
Affected
8,809 schools, universities, and training organizations on Canvas. K-12 districts face state student-privacy obligations (NY 2-d, SOPIPA, ~130 statutes) independent of payment. Universities face FERPA obligations.
Fix
Issue COPPA and FERPA notifications per state timelines regardless of ransom payment - the data was already exposed before the deal. Rotate Canvas API keys and re-authorize integrations.

Udemy customer and instructor data leaked publicly after ShinyHunters' extortion deadline expires - 1.4 million records including PayPal payout details

Online learning giant Udemy's customer and instructor data was leaked publicly today after the company refused to pay ShinyHunters' extortion demand. Have I Been Pwned added the breach yesterday with 1.4 million unique email addresses. The dataset goes well beyond contact information: it includes full names, physical addresses, phone numbers, employer details, and instructor payout methods - PayPal email addresses, mailing addresses for cheques, and bank transfer details. Udemy was listed on ShinyHunters' 'pay or leak' portal April 24 with a three-day deadline. The company has not publicly confirmed the breach or said how attackers got in.

Check
Reset your Udemy password if you have an account, especially if you're an instructor with payout details on file, and watch for highly targeted phishing.
Affected
Udemy customers and instructors with accounts before April 2026, particularly instructors whose PayPal addresses, cheque mailing addresses, and bank transfer details are in the leak. Any organization using Udemy for staff training has employee details exposed and should expect tailored phishing referencing real course history.
Fix
Reset Udemy passwords and rotate any password reused on other accounts. Instructors should monitor PayPal and bank accounts and contact PayPal to flag the email as compromised. Brief staff that any 'Udemy' email referencing their real course history is potentially hostile - go to udemy.com directly rather than clicking links. Add Udemy lookalike domains to your DMARC monitoring.