Baylor Students Navigate Delayed Finals Amid Serious Cyberattack Chaos

Finals week is stressful enough, but now Central Texas college students have to worry about their information being released on the Dark Web.

Baylor One of Many Universities Targeted in a Cyberattack

The global educational community is currently reeling from a massive cyberattack that targeted Instructure, the parent company of the Canvas learning management system. The breach, which occurred during the critical final exam week for thousands of schools, has disrupted operations at universities ranging from Baylor University in Waco, to Harvard and Stanford.

A Campus in Crisis: The Baylor Response

At Baylor University, officials were forced to issue an emergency warning to students and faculty as the platform went dark. The university’s IT department urged users to avoid interacting with any suspicious links or messages within the system, a move designed to prevent "spear-phishing" attacks. With Canvas serving as the primary hub for grades, lecture videos, and digital assignments, the outage has created a logistical nightmare for students trying to complete their degrees.

Exams Delayed at Baylor University

On its Facebook page, Baylor posted that final exams scheduled for today/Friday would be delayed due to the Canvas hack. Some of the people commenting on the post suggested going "old school" by having students take exams with Scantrons (like WE did back in the day.) Baylor said an update would be given by noon Friday.

Inside the Breach: The ShinyHunters Profile

The hacking group ShinyHunters, a notorious financially motivated group active since 2019, has claimed responsibility for the intrusion. According to threat analysts at Emsisoft, the group claims to have stolen 3.65 TB of data, impacting nearly 9,000 schools worldwide and potentially exposing the records of 275 million individuals.

How They Break In

Unlike traditional hackers who "break in" through software bugs, ShinyHunters specializes in exploiting the "doors left open" in modern cloud architecture. They rely on:

OAuth Token Theft: Stealing the digital "keys" that allow apps to talk to each other.

SaaS Misconfigurations: Finding settings in platforms like Salesforce or Workday that grant too much access.

AI-Powered Vishing: Using deepfake voice technology to trick employees into handing over credentials.

A Pattern of Global Infiltration

The attack on Canvas is part of a broader 2025–2026 campaign that has targeted some of the world’s most powerful brands. According to DoControl, in just the last year, ShinyHunters successfully breached Salesforce, Google, Louis Vuitton, Adidas, and Jaguar Land Rover. These attacks typically follow a "pay or leak" model; for the Canvas breach, the group has set a final ransom deadline of May 12, 2026, threatening to publish billions of private messages and student ID numbers on the dark web if their demands are not met.