The hackers are seeking ‘to negotiate a settlement.’
ShinyHunters hackers have breached Instructure a second time.
ShinyHunters appears to continue targeting the edutech giant Instructure.
The notorious hacking group, ShinyHunters, has breached Instructure once more. Instructure is renowned for its Learning Management System (LMS) application Canvas. They previously hacked Instructure’s systems, compromising data from nearly 9,000 schools globally.
TechCrunch reports this week that ShinyHunters vandals tampered with Canvas login pages at numerous schools using the platform.
TechCrunch saw at least three school login pages breached with a message by ShinyHunters warning of releasing stolen data on May 12 unless Instructure consents to negotiate a settlement.
Instructure confirmed being breached by the same actors responsible for the earlier incident. This marks a second breach targeting a different segment of its infrastructure this time.
Instructure briefly took Canvas offline during its investigation into the second breach, discovering that the hackers exploited an issue tied to Free-For-Teacher accounts. These accounts were temporarily suspended, and Canvas access was restored for users.
Earlier this month, ShinyHunters took credit for a breach later confirmed by Instructure. ShinyHunters claims the data stolen is linked to 275 million Instructure users, affecting 8,809 schools worldwide. The compromised data includes users’ names, email addresses, student IDs, and private messages on Canvas.
The request from ShinyHunters to negotiate settlements has become routine for the group, which seeks to capitalize financially on its actions.
Over the past year, ShinyHunters has claimed responsibility for breaches at companies such as Panera Bread, Crunchyroll, Bumble, ADT, and Rockstar Games, among others.
Cybersecurity
[Image: ShinyHunters hackers defaced Canvas login pages, threatening to release stolen data unless Instructure negotiates a settlement.]