Tech
Beyond integration theatre: Building stronger cyber platforms | Computer Weekly
Modern chief information security officers (CISOs) face a threat landscape defined by distributed systems, volatile supply chains, and expanding attack surfaces. Platform consolidation is often used to reduce complexity, yet only architectures with deep integration across data, control, and identity planes achieve the intended security benefits. This makes the integration layer a dominant source of enterprise risk.
While unified security platforms promise simplicity, attackers are increasingly bypassing core systems and exploiting the connections between them: API links, OAuth tokens, third‑party apps, and automation workflows. These integrations quietly expand the enterprise trust boundary and introduce new single points of failure. Over‑privileged tokens, undocumented workflows, vulnerable open/closed source components, and fragmented ownership make it possible for attackers to authenticate themselves through trusted integrations rather than breach the platform directly.
All this means the integration layer, not the platform itself, is the new enterprise perimeter, so CISOs must govern delegated trust with the same rigour as they do core systems. When converging multiple solutions, they must mitigate the inherent security risks of single‑point‑of‑failure systems through architectural redundancy and modularity, and ensure true integration.
Demand evidence of true integration, not integration theatre
There are several factors that distinguish a true platform from integration theatre. Scrutinising these will show where vendors are using marketing to obscure a lack of genuine integration:
Data: A platform should decouple the data plane from the control plane. At the data layer, it should allow for a single data lake that all security logs feed into and all solutions read from simultaneously. Aggregated data can then be correlated to deliver full visibility across systems and detect sophisticated multi‑stage attacks, rather than relying on multiple databases connected via APIs and sync actions.
Policy orchestration: Policies should be written once, be consistent and propagated across the stack, from endpoints and email to firewalls and intrusion detection systems (IDS), without the need to deploy them through different user interfaces (UIs).
Identity and authorisation: All platform components should integrate through a common identity broker, using a central policy orchestrator to enforce both Role‑Based and Attribute‑Based Access Control consistently across the environment. Multiple logins, inconsistent roles, or fragmented identity experiences are strong indicators of integration theatre rather than true unification.
Interoperability: Integration theatre provides a collection of black boxes with no meaningful influence on each other. Unified solutions, on the other hand, work together and do not just coexist. They use telemetry to provide context and build a complete attack‑path picture, offering seamless connectivity to edge devices and third parties, such as Microsoft Defender’s 57 API connectors or Cisco’s 100+ third‑party integrations.
Architect for resilience, not dependency
Vendor consolidation can simplify environments but also create monocultures and single points of failure. To avoid over‑reliance on any one platform, organisations should adopt a cyber security mesh architecture. This is a central policy source with distributed enforcement across global locations, ensuring that critical controls remain functional even if the core platform fails. Pairing the platform with best‑of‑breed niche tools preserves flexibility and reduces vendor lock‑in. The Q3 2025 Forrester Zero Trust Landscape reinforces the view that zero-trust has to be an overall strategy, not a single product. This can then build higher resilience, greater architectural flexibility, and a reduced likelihood that systemic platform failure will lead to business disruption.
Govern the integration layer as a first-class asset
With integrations now acting as primary vectors of delegated trust, organisations must treat them with the same scrutiny as they would for any core security asset. This requires continuously inventorying all integrations, enforcing least‑privilege API scopes, mandating short‑lived and automatically rotated credentials, and applying real‑time anomaly detection to API behaviour. Threat modelling must precede deployment, and integration risk must be embedded into third‑party governance frameworks.
When exposure is high, organisations should rapidly map critical integrations, assess token lifetimes and privilege levels, and execute targeted remediation such as rotation, down‑scoping, monitoring, or removal. They should create a tightly controlled blast radius, a hardened identity perimeter, and a measurable reduction in delegated trust risk as these are the very factors attackers increasingly exploit.
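One way to run the triage described above over an integration inventory, as an added example that is not from the article or any vendor. The inventory records, field names, scope names and both thresholds are constructed assumptions, as is the choice to map "monitoring" to integrations with no accountable owner.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed policy thresholds; set these from your own credential standard.
MAX_TOKEN_AGE = timedelta(days=30)   # older credentials must be rotated
STALE_AFTER = timedelta(days=90)     # unused integrations are removal candidates

@dataclass
class Integration:
    name: str
    owner: str | None            # None = no accountable owner on record
    granted_scopes: set[str]     # what the token is allowed to do
    used_scopes: set[str]        # what API logs show it actually doing
    token_issued: datetime
    last_call: datetime | None   # None = never observed calling the API

def triage(item: Integration, now: datetime) -> list[str]:
    """Return remediation actions for one integration."""
    # An integration nobody uses is pure delegated-trust exposure: remove it.
    if item.last_call is None or now - item.last_call > STALE_AFTER:
        return ["remove"]
    actions = []
    if now - item.token_issued > MAX_TOKEN_AGE:
        actions.append("rotate")
    unused = item.granted_scopes - item.used_scopes
    if unused:
        actions.append("down-scope: drop " + ", ".join(sorted(unused)))
    if item.owner is None:
        actions.append("monitor: no owner assigned")
    return actions

def audit(inventory: list[Integration], now: datetime) -> dict[str, list[str]]:
    """Map integration name -> actions, omitting compliant integrations."""
    findings = {i.name: triage(i, now) for i in inventory}
    return {name: acts for name, acts in findings.items() if acts}

# Constructed sample inventory (not real integrations).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
INVENTORY = [
    Integration("crm-sync", "sales-ops", {"contacts.read", "contacts.write", "admin"},
                {"contacts.read"}, NOW - timedelta(days=200), NOW - timedelta(days=1)),
    Integration("old-chatbot", None, {"messages.read"}, set(),
                NOW - timedelta(days=400), NOW - timedelta(days=300)),
    Integration("siem-forwarder", "secops", {"logs.read"}, {"logs.read"},
                NOW - timedelta(days=5), NOW - timedelta(hours=1)),
]

if __name__ == "__main__":
    for name, acts in audit(INVENTORY, NOW).items():
        print(f"{name}: {'; '.join(acts)}")
```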
Organisations that succeed will be those that govern the integration layer with the same discipline as the platforms themselves. That means CISOs must look beyond vendor claims and examine how data, identity, and policy truly operate. Authentic platforms share telemetry, policy engines, and a unified identity layer, while theatrical ones rely on brittle connectors.
But they need to recognise that even the strongest platform reshapes risk rather than removing it. To prevent the platform becoming a single point of failure, organisations must pair consolidation with disciplined governance of delegated trust, continuous integration‑layer risk assessment, and architectural safeguards such as mesh‑based enforcement and distributed control planes. The strongest strategy blends unified efficiencies with the resilience and scrutiny required to withstand inevitable failures.
Joe Mayhew and Ahmed Tikail are cyber security experts at PA Consulting
The Canvas Hack Is a New Kind of Ransomware Debacle
Higher education has long been a target of ransomware gangs and data extortion attacks. But never before, perhaps, has a cyberattack against a single software platform so thoroughly disrupted the daily operations of thousands of schools across the United States.
The widely used digital learning platform Canvas was put into “maintenance mode” on Thursday after its maker, the education tech giant Instructure, suffered a data breach and faced an extortion attempt by attackers using the recognizable moniker “ShinyHunters.” Though the hackers have been advertising the breach and attempting to extract a ransom payment from Instructure since May 1, the situation took on additional immediacy for regular people across the US and beyond on Thursday because the Canvas downtime caused chaos at schools, including those in the midst of finals and end-of-year assignments.
Universities like Harvard, Columbia, Rutgers, and Georgetown sent alerts to students about the situation in recent days; other institutions, including school districts in at least a dozen states, also appear to have been affected. In a list published by the hackers behind the attack on their ransom-focused dark web site, they claim the breach affected more than 8,800 schools. The exact scale and reach of the breach is currently unclear, though. And the fact that Canvas was down throughout Thursday afternoon and evening further complicated the picture.
In a running incident update log that began on May 1, Steve Proud, Instructure’s chief information security officer, said that the company had “recently experienced a cybersecurity incident perpetrated by a criminal threat actor.” He added on May 2 that “the information involved” for “users at affected institutions” included names, email addresses, student ID numbers, and messages exchanged by users on the platform.
The situation was ultimately marked as “Resolved” on Wednesday, with Proud writing that “Canvas is fully operational, and we are not seeing any ongoing unauthorized activity.” At midday on Thursday, though, the Instructure status page registered an “issue” where “some users are having difficulties logging into Student ePortfolios.” Within a few hours, the company had added another status update: “Instructure has placed Canvas, Canvas Beta and Canvas Test in maintenance mode.” Late Thursday evening, the company said that Canvas was available again “for most users.”
TechCrunch reported on Thursday that the hackers launched a secondary wave of attacks, defacing some schools’ Canvas portals by injecting an HTML file to display their own message on the schools’ Canvas login pages. According to The Harvard Crimson, attackers modified the Harvard Canvas login page to show a message that included a list of schools that the hackers claim were impacted by the breach.
The message from attackers “urged schools included on the affected list to consult with a cyber advisory firm and contact the group privately to negotiate a settlement before the end of the day on May 12—or else risk their data being leaked,” The Crimson reported. “It is unclear what information tied to Harvard affiliates was included in the alleged breach.”
Instructure did not immediately respond to a request for comment about Thursday’s outages and how they fit into the bigger picture of the breach. But the situation is significant given that a massive trove of student information has potentially been exposed, and the visibility of the incident across the country makes it a key example of a longstanding, yet endlessly escalating problem of data extortion and ransomware attacks.
The ShinyHunters name is associated with massive data dumps and has been linked to the infamous hacker collective known as the Com. But as the constellation of actors has shifted over the years, numerous attackers have taken up the most prominent Com-related monikers. A number of recent attacks have invoked other names, such as Lapsus$, with little or no connection to the original group that operated under the name.
What Microsoft Executives Really Thought About OpenAI in 2018
OpenAI’s relationship with Microsoft, its longtime investor and cloud partner, has grown increasingly complicated over the years as the ChatGPT-maker has grown into a behemoth competitor.
But Microsoft executives had reservations about sending additional funding to OpenAI as far back as 2018 when it was just a small nonprofit research lab, according to emails between more than a dozen Microsoft executives, including CEO Satya Nadella, shown in a federal court on Thursday during the Musk v. Altman trial.
The emails show how Microsoft, at the time, wavered over what has since been held up as one of the most successful corporate partnerships in tech history. Several Microsoft executives said in the emails their visits to OpenAI did not indicate any imminent breakthroughs in developing artificial general intelligence. In 2017, much of OpenAI’s work was focused on building AI systems that could play video games, which showed early signs of success. But OpenAI needed five times more computing power than it had originally secured from Microsoft to continue the project.
Microsoft worried that not providing support could push OpenAI into the arms of Amazon, the world’s dominant cloud computing provider at the time. Roughly 18 months after the emails were sent, Microsoft announced a landmark $1 billion investment in OpenAI after the lab created a for-profit arm that provided the tech giant with the potential to generate a return of $20 billion.
Microsoft declined to comment.
Elon Musk’s attorneys introduced the emails to show Microsoft’s evolving relationship with OpenAI. After Musk reached out to Nadella, Microsoft in 2016 agreed to provide $60 million worth of cloud computing services to OpenAI at a steep discount. OpenAI consumed the services twice as fast as expected.
The email chain kicked off on August 11, 2017, with Nadella reaching out to OpenAI CEO Sam Altman to congratulate the lab on winning a video game competition using AI to mimic a human player. Ten days later, Altman responded seeking $300 million worth of Microsoft Azure cloud computing services.
“We could figure how to fund some of it but not that much,” Altman wrote, apparently seeking a financial handout and engineering help. “I think it will be the most impressive thing yet in the history of AI.”
Three days later, Nadella asked four lieutenants for their input on how to respond. Microsoft’s AI team saw “no value in engaging,” according to a response from Jason Zander, Microsoft’s executive vice president, that also documented how other teams felt. Its research team thought its own work was “more advanced,” while the public relations teams didn’t like the idea of supporting a group pushing the idea of “machines beating humans.” Ultimately, Zander suggested that Azure would benefit from associating with Musk and Altman but that he wouldn’t want to “take a complete bath,” or large financial hit, in doing so.
A subsequent analysis showed that Microsoft stood to lose about $150 million over several years if it provided the services Altman wanted, according to one email. “Unless he can help us draw a more direct networking effect with OpenAI -> Microsoft business value, we will wind up having to pass,” Zander wrote.
The thread went dark for several months, but was revived on January 10, 2018, with an email to Nadella from Brett Tanzer—who signed off his emails with “Brettt”—then a director on the Azure cloud unit. Altman had told Tanzer that OpenAI could license its gaming AI to Microsoft’s Xbox video game division in exchange for “$35-50 million in Azure Credits.” But Xbox couldn’t commit that much money. Microsoft planned to tell Altman there would be no more discounts after that March, per Tanzer’s email.
Trump Pivots on AI Regulation, Worker Ousted by DOGE Runs for Office, and Hantavirus Explained
Brian Barrett: This is the first time I’ve thought about contact tracing in many years, and I was so happy not thinking about it for so long, because it is such a complicated process and something that is really hard work to do. Emily, given all of that, what is the level of concern here, given what the World Health Organization has said and other organizations? It sounds like cautious about it, but maybe not freak out time yet, but I defer to you because maybe that’s just me trying to make myself feel better.
Emily Mullin: No, I think you’re right. The hantavirus expert I spoke with said there have been past clusters of the Andes strain before, but not big outbreaks. And these clusters have tended to involve prolonged close contact with people suffering from the disease. This is a virus that does not spread nearly as efficiently as other respiratory viruses that we’re used to like Covid or flu, for instance. Hantavirus symptoms are also typically pretty severe. So this is not a virus, again, like Covid where lots of people are going around infected with the disease, spreading it asymptomatically without knowing about it. So that’s at least a little bit of comfort, even though the flip side of that is that the disease is quite severe. So the World Health Organization says the risk to the general public is currently low, and this is probably not another Covid situation.
Brian Barrett: Leah, how we feeling?
Leah Feiger: Not good, you guys. I don’t know. Are you kidding? How are you feeling? Maybe this is my moment to go, “Are you with me yet?”
Brian Barrett: No, I was good, but then Emily hit that probably pretty hard in a way that I suddenly felt a little more anxious.
Leah Feiger: Yeah, it was the swallowing of the probably.
Emily Mullin: That was me editorializing. The World Health Organization did not include the probably.
Brian Barrett: OK. What if they had it just in italics or big quotation marks? Like it’s “probably” fine.
Leah Feiger: I don’t know, guys. I think, one, I’m fascinated that there’s different strains of this. And it brought me back so early on to the armchair scientists in early Covid who were like, “No, no, no, this is totally fine.” So for there to officially be announced, yes, this is the strain that can get passed between humans, I think is notable at the very least. Got to give me that.
Brian Barrett: Oh, I think that’s true. And I think my open questions are, how long do these people have to stay on this ship before everyone says, “OK, you can go now,” or do they send them back to shore and just have them isolate for a certain amount of time? The contact tracing is concerning because again, I’m having flashbacks. But I do think the things that, Emily, that you said about how this is different from Covid in important ways in terms of how quickly it can spread, how easily it can spread, especially now that we have the mechanisms in place to do these contact tracing things, I’m going to remain on my not too worried yet.
