Educational Giant Instructure Confirms Data Breach
Recently, Instructure, a prominent U.S.-based education technology company renowned for its Canvas learning management system, fell victim to a cyberattack. The ShinyHunters extortion group has claimed responsibility for the breach.
Following the incident, Instructure disclosed that personal data was compromised and is currently collaborating with cybersecurity experts and law enforcement agencies to investigate the breach.
The stolen information includes names, email addresses, student ID numbers, and user messages from affected institutions. Fortunately, sensitive data such as passwords, dates of birth, government identifiers, and financial information appear to remain secure. Instructure has given assurances that it will promptly inform affected institutions if any changes occur.
As a precautionary measure, Instructure has implemented patches, enhanced monitoring, and rotated application keys. Customers are required to re-authorize access to Instructure’s API to receive new application keys.
Despite not confirming the exact time of the breach or extortion attempts, ShinyHunters has listed Instructure on its data leak site, claiming that nearly 9,000 schools globally have been impacted. The leaked data includes personal conversations, private messages, and other personally identifiable information (PII) involving students, teachers, and staff.
Instructure listed on ShinyHunters data extortion site
ShinyHunters alleges that the data breach at Instructure was facilitated through a vulnerability in their systems, which has since been addressed. The compromised data supposedly includes over 240 million records linked to students, teachers, and staff, comprising names, email addresses, enrolled courses, and private messages.
The threat actor claims the affected dataset spans approximately 15,000 institutions across various regions, including North America, Europe, and Asia-Pacific. However, BleepingComputer has not yet independently verified the impacted schools and individuals, and further inquiries have been directed to Instructure.