"Instructure apologized for the disruption when Canvas went offline last Thursday, leaving thousands of colleges, universities, and K-12 schools without access to course materials, grades, and due dates during final exams and Advanced Placement testing for many. As of Saturday, the parent company claimed, "Canvas is fully back online and available for use.""
"Instructure finally broke its silence on Monday about what happened, admitting not one but two intrusions after criminals exploited a security vulnerability in its Free-for-Teacher learning system, and saying the data thieves stole information including usernames, email addresses, course names, enrollment information, and messages. "Core learning data (course content, submissions, credentials) was not compromised," the Monday disclosure said."
"On April 29, the online education firm "detected unauthorized activity in Canvas," immediately revoked the intruder's access, and initiated a probe into the breach, according to Instructure's notice posted on its website. On May 7, the company "identified additional unauthorized activity tied to the same incident." ShinyHunters defaced about 330 Canvas school login portals, also exploiting the same Free-for-Teacher vulnerability, and that caused the ed-tech firm to take Canvas offline and "into maintenance mode to contain the activity.""
Instructure reported two rounds of unauthorized activity affecting its Canvas online learning platform within two weeks. Canvas went offline, disrupting thousands of colleges, universities, and K-12 schools during final exams and Advanced Placement testing. The company later stated Canvas was fully back online. Instructure then disclosed that criminals exploited a security vulnerability in its Free-for-Teacher system and stole information including usernames, email addresses, course names, enrollment information, and messages. The company said core learning data such as course content, submissions, and credentials was not compromised, while it continued validating findings. Instructure detected unauthorized activity on April 29, revoked access, and investigated. On May 7 it identified additional activity tied to the same incident, including defacement of login portals, and took Canvas offline to contain the activity.
Read at theregister
Unable to calculate read time
Collection
[
|
...
]