Nothing excited me — a freshman who just finished his second semester of college — more than returning to shenanigans with my hometown friends. But even though I was finally home, all my friends were still grinding away at their exams.
Except they weren’t.
ShinyHunters, an international black-hat hacker group — meaning it targets institutions for profit, personal motive or to cause damage — had taken down Canvas, an online interface 41% of American colleges use to administer quizzes, track grades and, most importantly, publish study resources.
The group’s full size and membership are unclear, but revealed and arrested members have largely been college students from the U.S. and France, raising the question of why the hackers would target a system they seem to subscribe to.
ShinyHunters and other affiliated groups have been well-known for “hacktivism,” using breaches in online security to intensify pressures for societal change. One salient defense of hacktivism: These attacks go beyond the barrier of performative activism and hit the targets where it really hurts.
Although the hackers’ intent isn’t public, Instructure — Canvas’ parent company — has already been breached twice beforehand by the same group.
One thing stood out to me each time the hackers demanded money in increasing quantities. Even if the group is motivated solely by profit, what does this tactic reveal about colleges and their money-making backgrounds?
As it turns out, it reveals quite a lot.
When ShinyHunters demanded a ransom from Instructure, the group wasn’t just exploiting a security vulnerability. It was — however inadvertently — illuminating something universities would rather keep quiet: Student data is extraordinarily valuable.
Canvas isn't simply a homework portal. It’s a sprawling surveillance infrastructure, tracking every login timestamp, every quiz attempt, every minute spent on a reading, every discussion post drafted and deleted.
Instructure's own investor materials describe this behavioral data as central to its product's value proposition. The hackers named a price because there was a price to be named.
This is the logic of surplus value applied to the classroom. In the Marxist sense, surplus value is the difference between what a worker produces and what they are compensated for — the gap that capital quietly pockets.
Students pay tuition to access education, but the transaction doesn't end there. Every interaction with Canvas produces data Instructure monetizes through analytics products, licensing agreements and partnerships with third-party edtech firms.
Students are simultaneously the consumer and the raw material. They pay to enroll, and they pay again in behavioral metadata they never agreed to sell.
This dynamic is not incidental to the for-profit education model — it’s foundational to it.
Instructure Holdings went public on the New York Stock Exchange in 2021, and its valuation rests not on the educational quality of its interface but on the scale and granularity of its data. Forty-one percent of American colleges means millions of students whose academic lives are continuously processed into marketable intelligence.
The universities themselves are complicit in this arrangement, licensing Canvas because it’s cost-effective and outsourcing their digital infrastructure to a publicly traded company whose fiduciary obligations are to shareholders, not students.
The hack reveals the ransom demand was less an innovation than a clarification.
ShinyHunters simply made the implicit transaction explicit: This data has a dollar value. Someone will pay to protect it, and that someone is not the student.
The universities scrambled, the administrators sent apology emails and my friends sat in limbo waiting to submit their finals — all so a data pipeline stretching from dorm rooms to Wall Street could be restored to working order.
The real scandal isn't that hackers broke into Canvas. It's that so few people find it scandalous Canvas was built this way to begin with.
Contact Sasha Morel at smorel@alligator.org. Follow him on X @BySashaMorel.
Sasha Morel is a sophomore at the University of Florida studying Politics, Philosophy, Economics, and Law, as well as Anthropology. His returning column focuses on policy analysis surrounding domestic, global, and local politics, with a focus on targeting root causes of common issues and highlighting unrepresented perspectives. Outside of the Alligator, Sasha is a nationally recognized debate coach for high schoolers across the US.
