Explore

Rapid Read Rapid Read
Instructure Confirms Canvas Security Breach, Hackers Exploit Flaw to Deface Portals

Instructure Confirms Canvas Security Breach, Hackers Exploit Flaw to Deface Portals

Instructure, the developer of the Canvas learning management system (LMS), has confirmed a security breach that allowed hackers to exploit a vulnerability and deface login portals. The breach involved multiple cross-site scripting (XSS) vulnerabilities, enabling attackers to obtain authenticated admin sessions. Initially discovered on April 29, the breach led to the theft of over 3.6 terabytes of uncompressed data, which was later published by the hacker group ShinyHunters. The hackers used the same vulnerability to conduct a second attack on May 7, aiming to pressure Instructure into paying a ransom. The breach affected the Free-for-Teacher environment, a limited version of Canvas LMS. Instructure temporarily took Canvas offline to prevent further malicious activity and applied additional safeguards. The hackers' actions impacted 8,809 educational organizations, with stolen data including usernames, email addresses, and course information.
Rapid Read Rapid Read
Instructure Reaches Agreement with Hackers to Secure Stolen Data from Canvas Platform

Instructure Reaches Agreement with Hackers to Secure Stolen Data from Canvas Platform

Instructure, the company behind the Canvas educational platform, has reached an agreement with the hacking group ShinyHunters, which had breached its systems and stolen data. The hackers threatened to release the data publicly unless a ransom was paid by a specified deadline. The breach affected nearly 9,000 schools and 275 million individuals, including students, teachers, and staff, disrupting educational activities during a critical period of finals. Instructure has not disclosed whether a ransom was paid but confirmed that the stolen data was returned and destroyed. The company has taken steps to prevent future breaches by disabling the type of accounts exploited by the hackers.
Rapid Read Rapid Read
Instructure Reaches Agreement with Hackers to Secure Stolen Canvas Data

Instructure Reaches Agreement with Hackers to Secure Stolen Canvas Data

Instructure, the company behind the online learning platform Canvas, has reached an agreement with the hacker group ShinyHunters to secure the personal data stolen during a recent cyberattack. The hackers had accessed information such as usernames, email addresses, and course details from Canvas users, affecting potentially over 9,000 educational institutions. The agreement reportedly includes the destruction of illicit copies of the data, although it is unclear if a ransom was paid. The breach initially occurred on April 29, exploiting a vulnerability in Free-For-Teacher accounts, and was followed by a second security breach on May 7. In response, Instructure placed Canvas in maintenance mode, temporarily disrupting access for students.
Trendline Trendline
Instructure Reaches Agreement with Hackers to Retrieve Stolen Data

Instructure Reaches Agreement with Hackers to Retrieve Stolen Data

Instructure Reaches Agreement with Hackers to Retrieve Stolen Data
Rapid Read Rapid Read
Instructure Reaches Agreement with Hackers Following Data Breach

Instructure Reaches Agreement with Hackers Following Data Breach

Instructure, the company behind the Canvas learning platform, has announced an agreement with the hacker group ShinyHunters, which attacked its systems twice. The initial attack occurred on April 29, during which the hackers claimed to have stolen personal data of approximately 275 million students and staff. The group later attacked again, defacing login pages on school websites to pressure Instructure. The company has stated that the hackers provided evidence of deleting the stolen data and assured that customers would no longer face blackmail. However, Instructure did not disclose the financial terms of the agreement or confirm if any payment was made. The U.S. government and security experts generally advise against paying cybercriminals, as it may encourage further criminal activities.
Rapid Read Rapid Read
Instructure Reaches Agreement with Cybercriminals Following Data Breach Impacting Educational Institutions

Instructure Reaches Agreement with Cybercriminals Following Data Breach Impacting Educational Institutions

Instructure, the maker of the Canvas Learning Management System, has reached an agreement with the cybercriminal group ShinyHunters following a data breach that affected nearly 9,000 educational institutions. The breach, which occurred last month, involved the theft of approximately 275 million records, including usernames, email addresses, course names, enrollment information, and messages. Instructure has not disclosed whether any ransom was paid, but the stolen data has reportedly been returned, and the company has received digital confirmation of its destruction. The agreement ensures that individual institutions do not need to engage with the attackers, and no further extortion will occur. Despite this, the company acknowledges the uncertainty of dealing with cybercriminals and has taken steps to reassure its customers.
Rapid Read Rapid Read
Instructure Confirms Canvas Security Breach, Impacting Educational Institutions

Instructure Confirms Canvas Security Breach, Impacting Educational Institutions

Instructure, the developer of the Canvas learning management system, has confirmed a security breach that allowed hackers to exploit vulnerabilities and deface login portals. The breach involved cross-site scripting (XSS) vulnerabilities, enabling attackers to gain authenticated admin sessions. This incident followed an initial breach where hackers stole over 3.6 terabytes of data. The attackers, identified as ShinyHunters, used the same vulnerability to pressure Instructure into paying a ransom by defacing portals with extortion messages. The breach affected the Free-for-Teacher environment, a limited version of Canvas used by individual educators. Instructure has since taken steps to revoke unauthorized access, engage forensic experts, and apply additional safeguards.
Reuters Reuters
Canvas' parent company reaches agreement with hacking group behind recent breach

Canvas' parent company reaches agreement with hacking group behind recent breach

By AJ Vicens May 12 (Reuters) - The hacking group that targeted the Canvas educational tool and the parent company that owns the software struck a deal to secure stolen student and school data, the company said in a statement late Monday.
Rapid Read Rapid Read
ShinyHunters Launches Ransom Campaign Against Educational Institutions

ShinyHunters Launches Ransom Campaign Against Educational Institutions

The ShinyHunters ransomware group has intensified its extortion campaign against educational institutions following a data breach at Instructure, the company behind the Canvas Learning Management System. The breach, which occurred on April 25, resulted in the theft of approximately 275 million records from 8,809 institutions. ShinyHunters exploited a vulnerability in the Free-For-Teacher version of Canvas, exfiltrating over 3.65 TB of data. The group initially demanded a ransom by May 8, threatening to leak the data if not paid. With the deadline passed, they have begun targeting individual schools with extortion demands, threatening to release data by May 12 if settlements are not reached.
Rapid Read Rapid Read
Canvas' Parent Company Reaches Agreement with Hacking Group to Secure Stolen Data

Canvas' Parent Company Reaches Agreement with Hacking Group to Secure Stolen Data

The parent company of the Canvas educational tool, Instructure, has reached an agreement with the hacking group ShinyHunters, which was responsible for a data breach involving student and school data. The agreement ensures that all stolen data has been returned and digitally confirmed as destroyed. Instructure has stated that no customers will be extorted as a result of this incident. The breach had affected nearly 9,000 schools, with data including student names, email addresses, and messages. The hacking group has confirmed that the data is deleted and that they will not contact the company or its customers for payment. The decision to pay or not in such situations is complex, as noted by ransomware negotiator Kurtis Minder, who suggested that some payment might have been involved.
Trendline Trendline
Instructure Reaches Agreement with Hackers Following Data Breach Impacting Millions

Instructure Reaches Agreement with Hackers Following Data Breach Impacting Millions

Instructure Reaches Agreement with Hackers Following Data Breach Impacting Millions
Rapid Read Rapid Read
Instructure Reaches Agreement with Hackers to Delete Stolen Canvas Data

Instructure Reaches Agreement with Hackers to Delete Stolen Canvas Data

Instructure, the company behind the Canvas online learning platform, has reached an agreement with hackers to delete data stolen during a recent cyberattack. The breach, claimed by the hacking group ShinyHunters, affected nearly 9,000 schools and 275 million individuals worldwide. The hackers threatened to leak the data unless a ransom was paid by May 6, but later extended the deadline. Instructure confirmed that the data was returned and received digital confirmation of its destruction. However, the company acknowledged the uncertainty of complete data erasure. The breach involved student ID numbers, email addresses, and messages, but not sensitive information like passwords or financial data. The incident caused significant disruption, locking students and faculty out of the platform during finals.