Instructure and its renowned learning management system, Canvas, have fallen victim to ShinyHunters. Canvas-maker Instructure reached an agreement with ShinyHunters hackers.
Crisis averted? Edtech giant Instructure, creator of the popular LMS Canvas, announced it made a deal with the hacking collective ShinyHunters to protect user data stolen in the recent Instructure data breach. According to CEO Steve Daly, ShinyHunters agreed not to release the stolen data and not to extort any Canvas users.
Instructure was breached twice by ShinyHunters over the past two weeks. The hackers extracted data from 275 million Canvas users at nearly 9,000 schools worldwide. The stolen data included usernames, emails, student IDs, and private messages. Some affected users are underage students. Another incident saw ShinyHunters defacing Canvas login pages due to a security flaw in Free-For-Teacher accounts.
The breaches caused multiple platform outages coinciding with finals week, forcing schools to reschedule tests and coursework. ShinyHunters threatened to release the data unless Instructure paid a ransom by May 12.
On Monday, Instructure announced a deal with ShinyHunters. “We know concerns about potential data publication are top of mind for many customers,” Daly stated. The deal with ShinyHunters required the return of stolen data, with “digital confirmation of data destruction” through shred logs.
Instructure ensured individual customers won’t be extorted with the stolen data, covering all affected customers with the agreement. “There is no need for individual customers to engage with the unauthorized actor,” said Instructure.
Instructure did not disclose monetary details of the deal, acknowledging the risk of dealing with untrustworthy parties. “While complete certainty is impossible, we took every step to give customers peace of mind,” Daly said. Instructure continues working with experts on forensic analysis, hardening its environment, and reviewing involved data. Updates are available on the incident response page.
