Instructure, the company behind the Canvas learning management platform, has announced that it has “reached an agreement” with the hackers responsible for breaching its systems last week, aiming to prevent the leaking of stolen data. Known as ShinyHunters, the hacking group had initially claimed responsibility for the attack, which led to a temporary shutdown of Canvas. They had threatened to release 3.5 terabytes of student data unless their ransom demands were met. Instructure now says that as part of the agreement with the hackers, the stolen data has been returned, and they promise that “no Instructure customers will be extorted as a result of this incident.”
In a recent statement, Instructure emphasized its commitment to community safety: “We understand how unsettling situations like this can be, and protecting our community remains our top priority.” While they haven’t explicitly stated paying ShinyHunters, the unspecified agreement hints at that possibility. Instructure has reportedly received proof that the data was destroyed, though the data was also “returned.” There are concerns about the potential for ransom payments to fund future attacks, and no assurance that the hackers will keep their promise.
Addressing customer concerns, Instructure stated, “While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible. We continue to work with expert vendors to support our forensic analysis, further harden our environment, and conduct a comprehensive review of the data involved.”
Most Canvas systems have been restored, and Instructure plans to provide further details about the attack in an upcoming webinar. Last week’s breach taking advantage of Free-For-Teacher accounts led to their temporary shutdown, but it is unclear when these accounts will be accessible again.