The MSP Minute ⏱ Friday 8 May 2026
For Managed Service Providers worldwide. Today... the world's most widely used education platform got breached (twice)... Huntress with more distributors... and Google's helping itself to 4GB of space
🔴 280 million student records stolen… and the platform that got breached thought it had contained the attack
This is a developing story.
ShinyHunters breached Instructure, the company behind Canvas, the learning management system used by 41% of higher education institutions in North America and thousands of schools globally. Data on 280 million students and staff across 8,809 institutions has been stolen. Names, email addresses, student IDs, and private messages between students and teachers. BleepingComputer
On May 2, Instructure said the incident was contained. On May 7, ShinyHunters replaced the Canvas login page with a ransom demand (for the second time) demonstrating publicly that it wasn’t.
Harvard, Duke, Penn, and thousands of other institutions woke up yesterday to find their students locked out during final exams. The deadline to pay is May 12. Krebs on Security
🟡 Huntress just got a lot easier to buy, through distributors MSPs already use
Good news if you’ve been thinking about buying from Huntress.
It announced four new distribution partnerships this week: Ingram Micro, Vertosoft, Liquid PC, and QBS Software. Channel Dive
Huntress currently protects more than 250,000 organisations and 5 million endpoints. The VP of Channels was explicit that this isn’t a move away from MSPs… it’s a move toward reaching more of them, faster, with less friction.
If Huntress is already in your stack, nothing changes. If it isn’t, it just got easier to add.
🟢 Google’s been quietly helping itself to 4GB of your clients' hard drives. Surprise!
It turns out Google Chrome has been silently downloading a 4GB AI model (Gemini Nano) onto user devices without asking. No notification or consent prompt. And if you find it and delete it, Chrome just downloads it again. The Register
The kicker: the “AI Mode” button now visible in Chrome’s address bar doesn’t even use the local model. Every query still gets sent to Google’s servers anyway. So Chrome is filling 4GB of your clients’ hard drives with an AI model that their browser’s own AI feature doesn’t actually use.
Google’s response: this has been happening since 2024, and there’s now a setting to turn it off. You’re welcome.
Hooray, we made it to Friday! Hope you have an easy one today. We’ll be back in your inbox on Monday morning. Enjoy.