As millions of students prepare for finals nationwide, the usual end-of-semester stress has been hit with a massive curveball. On May 7, the cybergroup known as ShinyHunters breached Instructure and managed to shut down Canvas worldwide. The platform serves as the leading educational infrastructure for over 9,000 schools, including major universities and K-12 districts, and supports more than 30 million active users.
The escalation began on May 3, when the group posted a warning on the forum Ransomware.live. They claimed to have obtained 3.65 TB of data, including private messages between students and teachers and other personally identifiable information (PII). While the group claims this affects 275 million individuals, Instructure’s response was initially a silent one.
According to the hackers, the outage was the result of being ignored. “Instead of contacting us to resolve it, they ignored us and did some ‘security patches,’” ShinyHunters shared on May 7.
They have now set a deadline of May 12, for Instructure to “negotiate” a deal before the data is leaked.
Instructure’s Chief Information Security Officer, Steve Proud, stated the company is working with outside experts to minimize the impact. “Maintaining your trust is our highest priority,” Proud said, though the company maintained that passwords and financial data remain secure.
The effect of the attack is already hitting the Coachella Valley. College of the Desert recently posted on social media, warning students of a phishing scam connected to the breach. Some users have reported receiving emails claiming that their web activity was being monitored, with hackers demanding a Bitcoin payment within 48 hours to delete “compromising information.”
Some students at College of the Desert have already expressed concerns about the safety of their personal information and about not having the resources necessary to complete their finals.
“I was really shocked when I found out that they got hacked. You would think that’s something that they’re very secure with, especially with student information. It can leave thousands of people vulnerable,” a student told The Chaparral.
College of the Desert advises: Do not respond, do not click links, and delete the email immediately.
If you notice suspicious activity or receive concerning messages, please contact Stuart Davis, chief technology officer, at [email protected].
As of 8 p.m. PST, Canvas is reported to be fully operational, but the long-term impact of the breach is yet to be known. The Chaparral will continue to cover this story as the May 12 deadline approaches.
“I was really glad that they got it resolved and I was able to complete my assignments because finals are coming up and I did not want to get behind.” a student said.
On May 12, Instructure announced that they had paid the hackers to avoid the release of 3.65TB of data. They claim to have received digital confirmation of the shred logs and were told there will be no further action taken.
