GoKawiilStudents are finally getting some good news during finals season: The personal data stolen during the Canvas hack has been secured, according to service owner Instructure.
The company confirmed that it reached an agreement with the hacker group ShinyHunters to destroy illicit copies of user data and prevent extortion of Canvas customers. It remains unclear whether this agreement included ransom payment for the hackers. The stolen data included "information like usernames, email addresses, course names, enrollment information and messages."
Instructure said "there is never complete certainty when dealing with cybercriminals," but the company states that it received digital confirmation that the stolen data had been deleted by the hackers, in the form of shred logs.
Instructure cautioned affected Canvas users against individual attempts to contact or bargain with the ShinyHunters group, saying its agreement "covers all impacted Instructure customers."
The hacker group first infiltrated Canvas systems on April 29, using a security flaw tied to Free-For-Teacher accounts. This allowed ShinyHunters to scrape personal information tied to students and educators.
While we don't know exactly how many institutions were affected, the hackers claimed they had targeted more than 9,000 universities and public school districts. Canvas is used in K-12 schools, so it's likely that the breach exposed sensitive information of underage students.
The situation escalated when the hackers cracked Instructure's security for a second time on May 7, leaving a message exposing their illicit activity to anyone attempting to sign in to Canvas. Instructure promptly moved Canvas into maintenance mode, during which students were unable to access the service.
If the ShinyHunters name sounds familiar, it's because it's a well-established collective of ransomware hackers. ShinyHunters is the same team that breached Anodot and absconded with some of Rockstar Games' business data in April.
Its previous targets largely consist of large tech companies like Microsoft, Cisco and AT&T, but the hackers have also ransomed information from insurance companies, credit unions and other institutions that handle sensitive data.
Canvas is currently operational, although the Free-For-Teacher accounts have been temporarily disabled as Instructure continues to investigate the exploit used to breach its systems.
... continue reading