How ShinyHunters hacked the world's biggest universities

How ShinyHunters hacked the world's biggest universities

From Smashing Security by Graham Cluley

May 13, 2026 · 1h 4m · Episode 467

About this episode

This episode discusses the largest educational data breach in history and features a conversation about AI in cybersecurity.

Welcome to the largest educational data breach in history - affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas's parent company refused to pay and announced they had deployed "security patches" instead, the hackers were less than impressed. So they came back through the cat flap. Meanwhile, a famous finance expert's face has been showing up on Facebook adverts promising hot stock tips and exclusive WhatsApp investment groups. Spoiler: it isn't him, the tips aren't real, and you're about to be scammed. Plus we chat to Mike Nichols of Elastic, about how the SOC isn't dying, attackers and defenders are both deploying AI agents, and how the real security crisis is no longer human users - it's the bots acting on their behalf. All this and more in episode 467 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Danny Palmer. EPISODE LINKS: ICO fines South Staffordshire £963K over 2022 breach - The Register. US bank reports itself after AI customer data mishap - The Register. Hackers abuse Google ads, Claude.ai chats to push Mac malware - Bleeping Computer. Canvas…

People in this episode

Host: Graham Cluley

Guest: Danny Palmer

Topics covered

  • data breach
  • cybersecurity
  • AI in security
  • scams
  • education
  • hacking

Keywords

  • data breach
  • Canvas hack
  • cybersecurity
  • AI agents
  • scams
  • Ivy League
  • education
  • hacking

Mentioned in this episode

Organizations: Canvas, Elastic, ICO, The Register, Bleeping Computer, CNN, BBC News

Places: Ivy League

More episodes of Smashing Security

Explore listener stats, chart rankings, contacts and more on the Smashing Security podcast page.