GoKawiilEducational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility.
Instructure is a U.S.-based education technology company best known for developing Canvas, a widely used learning management system that helps schools, universities, and organizations manage coursework, assignments, and online learning.
On Friday, Instructure disclosed that it suffered a cybersecurity incident and is working with third-party cybersecurity experts and law enforcement to investigate it.
On Saturday, the company issued an update stating that the personal information of users was exposed in the breach.
"While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users," reads the updated statement.
"At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions."
As part of the response, Instructure has deployed patches, increased monitoring, and rotated application keys as a precautionary step.
Customers are required to re-authorize access to Instructure's API for new application keys to be issued.
While Instructure has not responded to BleepingComputer's questions about when the breach occurred and whether they were being extorted, the ShinyHunters extortion gang has now listed the company on its data leak site.
"Nearly 9,000 schools worldwide affected. 275 million individuals data ranging from students, teachers, and other staff containing PII," reads the data leak site.
... continue reading