The education technology platform Canvas has been disrupted by a data extortion attack from the cybercrime group ShinyHunters, which has compromised sensitive information for millions of students and faculty across nearly 9,000 educational institutions in the United States. The attack began when ShinyHunters defaced the service's login page with a ransom demand threatening to leak data from 275 million students and faculty unless a ransom was paid.

The cybercrime group has been targeting Canvas parent firm Instructure for months, with at least two previous breaches occurring in May. The latest attack comes as many schools and universities are in the middle of final exams, making it an especially challenging time for Instructure to respond to the breach.

What Happened

The data extortion attack began when ShinyHunters defaced the Canvas login page with a ransom demand threatening to leak sensitive information unless a ransom was paid. The group claimed responsibility for the breach and stated that it would leak data on tens of millions of students and faculty unless Instructure paid. The initial deadline for payment was set at May 6, but it was later pushed back to May 12.

Instructure responded to the attack by disabling the Canvas platform, which is used by thousands of schools, universities, and businesses to manage coursework and assignments, as well as communicate with students. The company acknowledged a data breach earlier in the week and stated that the stolen information includes "certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users."

However, by mid-day on Thursday, May 7, students and faculty at dozens of schools and universities were flooding social media sites with comments saying that a ransom demand from ShinyHunters had replaced the usual Canvas login page. Instructure responded by pulling Canvas offline and replacing the portal with the message, "Canvas is currently undergoing scheduled maintenance. Check back soon."

Background and Context

The cybercrime group ShinyHunters has been targeting Instructure for months, with at least two previous breaches occurring in May. The group specializes in data theft and extortion, typically gaining access to companies through voice phishing and social engineering attacks that often involve impersonating IT personnel or other trusted members of a targeted organization.

ShinyHunters has claimed credit for several major cybercrime campaigns, including the breach of home security giant ADT, which compromised personal information on 5.5 million customers. The group has also targeted high-profile organizations such as Medtronic, Rockstar Games, McGraw Hill, 7-Eleven, and the cruise line operator Carnival.

In February, a ShinyHunters spokesperson told The Daily Pennsylvanian that Penn failed to pay a $1 million ransom demand. On March 5, ShinyHunters published 461 megabytes worth of data stolen from Penn, including thousands of files such as donor records and internal memos.

Why It Matters to the Industry

The attack on Canvas highlights the growing threat of cybercrime groups targeting education technology platforms. The breach has disrupted classes and coursework at school districts and universities across the United States, at an especially challenging time for Instructure to respond.

The attack also raises concerns about data security in the adult industry, where sensitive information is often shared among performers, producers, and other stakeholders. The use of education technology platforms like Canvas may be more widespread than expected, with many companies using similar software suites for human resources management and financial operations.

What Comes Next

The outcome of the attack on Canvas remains uncertain, but it is clear that Instructure has a significant challenge ahead in responding to the breach. The company has acknowledged a data breach and stated that the stolen information includes sensitive details such as names, email addresses, and student ID numbers.

ShinyHunters has claimed credit for the hack and has threatened to leak data unless a ransom is paid. However, it is unclear whether Instructure will pay the ransom or take other measures to respond to the breach.

Key Facts

  • The cybercrime group ShinyHunters has compromised sensitive information for millions of students and faculty across nearly 9,000 educational institutions in the United States.
  • The attack on Canvas began when ShinyHunters defaced the service's login page with a ransom demand threatening to leak data unless a ransom was paid.
  • Instructure has acknowledged a data breach and stated that the stolen information includes sensitive details such as names, email addresses, and student ID numbers.
  • ShinyHunters has claimed credit for several major cybercrime campaigns, including the breach of home security giant ADT and high-profile organizations such as Medtronic and Rockstar Games.
  • The attack on Canvas highlights the growing threat of cybercrime groups targeting education technology platforms.