RICHMOND, Va. (WRIC) -- Canvas, the online learning system used by thousands of schools, is back online after a cyberattack shut it down. In the aftermath, security experts say users are now exposed to more attacks from the group taking responsibility for the hack. Cybersecurity expert and Universi ty of Richmond associate professor Tom Mattson said that while Canvas does not store much personal data, like Social Security Numbers, it does store email addresses and private messages. Cyber criminals can use those to impersonate school officials and trick users into sharing information. "They're basically attempting to extort universities to pay, or else we will leak the information associated with your institution," Mattson said. In early May, the database of Canvas's parent company, Instructure, was breached. On Thursday, May 7, the site was down for tens of thousands of students, and briefly showed a message from the group taking responsibility for the hack. "This group, Shiny Hunters, claims to have infiltrated this system that Instructure operates on, and that exposed millions of user IDs. Which isn't necessarily so bad," Mattson said. "It's the private messaging between faculty, between staff and whatever the platform happens to be used for.” The hack came at the same time most students were taking final exams and submitting their last assignments, adding to the chaos. Later that day, Instructure said the site was back up for most users. However, Mattson said there is still a threat to users. "With all of these private messages now that Shiny Hunters has, they can craft some wonderfully believable messages to students, masquerading as the professor, masquerading as the teaching assistant," Mattson said. "And the student really would have no reason to believe they're not authentic messages." Phishing attempts like the ones Mattson describes can expose information that hackers could not get directly from Canvas. "If there is an automated email coming from Canvas, ignore that email, especially any type of email that might be asking for credentials, asking for a login," Mattson said. "Be ultra, ultra cautious about clicking on that. Go directly to your institution's Canvas website and log in that way." Mattson also suggested that users change their user ID and password and enroll in multi-factor authentication. ...read more read less