A hacking group known as ShinyHunters has returned stolen data to Instructure, the parent company of the Canvas learning management system. The cyberattack, which affected nearly 9,000 organizations, resulted in the theft of 3.65 terabytes of data, including usernames, email addresses, course names, and messages.
According to a screenshot obtained by CNN, ShinyHunters initially demanded a ransom from Instructure, threatening to leak the stolen information if their demands were not met by Thursday (May 12). Instructure confirmed that it reached an agreement with the hackers to prevent the data from being leaked. The company stated that the stolen data was returned along with digital confirmation of its destruction.
Instructure emphasized that no passwords, government identifiers, or financial information were compromised. However, the breach has raised concerns about potential phishing attacks, as the stolen data could be used to impersonate school officials or conduct targeted scams.
The breach was initially contained, but a second wave of unauthorized activity was detected on Thursday (May 7), defacing Canvas login portals at 330 institutions. In response, Instructure temporarily shut down Free-For-Teacher accounts and implemented additional security measures.
The FBI is involved in the investigation and has advised impacted individuals to be cautious of potential scams. Instructure has assured customers that Canvas is now fully operational and has pledged to improve its cybersecurity measures to prevent future incidents.
Recent Comments