You may be aware of the security incident affecting Canvas LMS (Instructure), which was disclosed on April 29, 2026, and involved unauthorized access to certain user data, including usernames, email addresses, course names, and enrollment information.
Codio is not affected by this incident. Our platform and customer data are fully secure.
For customers who use Codio integrated with Canvas via LTI, no immediate action is required on your end. Instructure has confirmed that the incident did not compromise core learning data or LTI credentials, and there is no indication that LTI key rotation is necessary at this time.
That said, if you are using LTI 1.x and would like to proactively rotate your LTI keys as a precaution — for example, if your institution requires it following a third-party security incident — our documentation shows you where to find your Secret key here. Once you have reset the Secret, you will have to update the information in Canvas.
We'll continue monitoring the situation. If anything changes that requires action from Codio customers, we'll communicate it directly.
