"Instructure, the company that operates Canvas, had been warned. Earlier this month, a message was sent, according to Ransomware.live: "This is a final warning to reach out by 6 May 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline," and "FINAL WARNING PAY OR LEAK.""
"On Thursday, almost 9,000 schools and 275 million people were affected, including students, teachers, faculty and staff whose personally identifying information was leaked, according to Ransomware.live. A hacking group known as ShinyHunters said it was behind the break-in, a copy of a ransom note obtained by The Washington Post shows."
"It's unclear exactly what data ShinyHunters took, but the group's tactics involve stealing information and then threatening to release it unless their victims pay up. There's potentially a Tuesday deadline looming, although hacker-tracking site Dark Web Informer said Thursday that ShinyHunters had taken Instructure off its published target list, likely indicating negotiations were taking place."
"Instructure said the group first got into its systems by "exploiting an issue related to our Free-For-Teacher accounts." Robert Johnston, the chief innovation officer at computer security firm N-able, said it's common for hackers to use trial accounts before breaking their way further in."
A major breach involving the Canvas education platform exposed vulnerabilities in student information as hackers increasingly target school systems and the technology providers they rely on. Instructure, which operates Canvas, received a prior ransom warning demanding payment or a data leak. The incident affected nearly 9,000 schools and about 275 million people, with personally identifying information reportedly leaked for students, teachers, faculty, and staff. The hacking group ShinyHunters claimed responsibility and used tactics involving data theft followed by threats to publish unless payment is made. Instructure stated the attackers gained access by exploiting an issue tied to Free-For-Teacher accounts, and the platform was taken offline during finals.
Read at The Washington Post
Unable to calculate read time
Collection
[
|
...
]