Over the weekend, Instructure, a prominent education technology company, experienced a significant cybersecurity incident that led to a data breach. Known for Canvas, a widely utilized learning management system, Instructure faced disruptions caused by the attack.
Based in Salt Lake City, Utah, Instructure revealed the cyberattack on April 30. The attack caused issues with tools dependent on API keys, which were largely resolved by May 3, when access to the Canvas Data 2 platform was reinstated.
Details of the Cyberattack
On May 1, Instructure confirmed that cybercriminals were responsible for the breach and had engaged external forensic experts to conduct an investigation. The company emphasized their commitment to understanding the full scope of the incident and minimizing its impact.
By the following day, the breach was contained, with certain application keys reissued. Users were required to reauthorize access to affected tools. Instructure took additional steps by revoking privileged credentials and access tokens, deploying security patches, and enhancing monitoring protocols.
Compromised Information
Instructure disclosed that the attackers accessed personal data, including names, email addresses, and student ID numbers. However, they assured users that passwords, birth dates, government identifiers, and financial information remained unaffected.
The company has not yet disclosed the number of affected institutions or individuals, nor have they identified the threat actor responsible for the attack.
ShinyHunters’ Involvement
On May 3, the notorious ShinyHunters extortion group claimed responsibility, listing Instructure on their Tor-based leak site. They alleged to have stolen 3.65 terabytes of data, affecting 275 million users across nearly 9,000 educational institutions worldwide. Additionally, they claimed that Instructure’s Salesforce system was compromised.
Efforts to contact Instructure for further details are ongoing. Updates will be provided as new information becomes available.
Related reports include data breaches at Sandhills Medical, Checkmarx, Vimeo, and Rituals, highlighting a concerning trend in cybersecurity threats.
