GoReact incident

Instructure (Canvas) Data Breach & Product Outage

Minor Ongoing View vendor source →

GoReact is currently experiencing a minor incident affecting EchoVideo - US and EchoVideo - EU and 1 more component, which began 1d ago. The vendor's full update timeline is below.

Started
May 07, 2026, 11:48 PM UTC
Resolved
Ongoing
Duration
● 1d 3h
Detected by Pingoru
May 07, 2026, 11:48 PM UTC

Affected components

EchoVideo - USEchoVideo - EUEchoVideo - CAEchoVideo - APACEchoVideo - APAC (Access)EchoVideo - APAC (Capture)EchoVideo - APAC (Playback)EchoVideo - APAC (Engagement)EchoVideo - APAC (Administration)EchoVideo - APAC (Reporting)EchoVideo - APAC (Search)EchoPoll - USEchoPoll - EUEchoPoll - APACEchoExam - USEchoExam - EUEchoExam - APACEchoInk - USEchoInk - US (API)EchoInk - US (Habitat)EchoInk - US (Web Reader)EchoInk - US (Axis Web Reader)EchoInk - US (InkForms)EchoInk - US (Analytics)GoReact - USGoReact - EUGoReact - APACGoReact - APAC (Data API)GoReact - APAC (Website)Point Solutions - USSearchSearch (United States)Search (Canada)Search (Europe & Middle East)Search (EU)Search (Asia Pacific)Point Solutions - EUPoint Solutions - APACPoint Solutions - APAC (Account)Point Solutions - APAC (Learner)Point Solutions - APAC (Instructor)Point Solutions - APAC (Authentication)Point Solutions - APAC (Production Release)

Update timeline

  1. monitoring May 07, 2026, 11:48 PM UTC

    Instructure (Canvas) is currently undergoing a data breach (separate from the one earlier this week) and the attackers have gained control of many Canvas instances. Users of these instances will not be able to sign in or access any content. Data syncs (either to or from Canvas) are presumed non-functional at the moment. We are actively monitoring the situation as it develops.

  2. monitoring May 08, 2026, 01:51 PM UTC

    In light of the recently reported global security incident involving Instructure Canvas, Echo360 is recommending that customers immediately disconnect their Canvas integration as a precautionary measure while the situation continues to be evaluated. While no Echo360 systems are affected, Echo360 is also prepared to disable integrations from our side where appropriate to help minimize potential risk. We will continue to monitor the situation closely and provide updates as more information becomes available. Please reach out directly to [email protected] for any assistance you require with working through this.

  3. monitoring May 08, 2026, 04:18 PM UTC

    Instructure has provided additional details regarding the recent Canvas security incident, including that the activity originated through Free-For-Teacher accounts and that they have no current evidence of persistence or broader credential compromise. Free-For-Teacher accounts have been disabled as part of their containment efforts. As previously communicated, Echo360 has no evidence that any Echo360 systems, customer environments, or integrations have been compromised. Our recommendation to temporarily disconnect Canvas integrations remains precautionary while institutions evaluate their own security posture and risk tolerance. We continue to actively monitor the situation and will provide additional updates as more information becomes available from Instructure.