"A major cybercrime gang's hack of Canvas is highlighting how education technology providers have become attractive targets for cybercriminals, whose access to student records, login credentials and other sensitive data can create opportunities for fraud, identity theft, extortion and future intrusions."
"ShinyHunters on Thursday claimed responsibility for a hack into Instructure's Canvas platform that facilitates course materials and class management for thousands of institutions. An extensive document posted by the hackers and obtained by Route Fifty lists some 9,000 customers apparently impacted in the breach, including Georgetown, Harvard and Cornell universities. It's not clear whether all victims listed were accessed, or what data may have been stolen."
"As Instructure worked to restore services, the hackers appeared to launch follow-on attacks, while students flooded social media during final exam season with photos and videos showing compromised Canvas pages appearing upon login. ShinyHunters claims it accessed names, email addresses, student identification and private messages."
"An extortion message posted on affected sites says that Instructure has until May 12 to reach out to the hackers. ShinyHunters has since removed Instructure from their Pay-or-Leak portal and the company says Canvas functions have been restored. Route Fifty has asked Instructure if it is negotiating with the group or has paid a ransom to prevent data from being leaked."
A cybercrime group claimed responsibility for hacking Instructure’s Canvas platform used by thousands of institutions. The hackers posted a document listing about 9,000 impacted customers, including major universities, though it is unclear which organizations had data accessed and what information was stolen. During service restoration, follow-on attacks appeared to occur, and students reported compromised Canvas pages during final exams. The group claimed access to names, email addresses, student identification, and private messages. An extortion demand set a deadline for contact, and the group removed Instructure from its pay-or-leak portal. Instructure stated Canvas functions were restored and Route Fifty sought details on whether ransom or negotiations occurred. The FBI said it is aware of the compromise and advised recipients not to pay or respond to demands.
Read at Nextgov.com
Unable to calculate read time
Collection
[
|
...
]