On Tuesday, Instructure disclosed a data breach involving the theft of students’ private information, including names, personal email addresses, and messages exchanged between teachers and students. Hackers, identified as the cybercrime group ShinyHunters, have also compromised Instructure by defacing login pages for its Canvas platform used by various schools.
ShinyHunters published messages on the defaced login screens of three schools, threatening to release the stolen data on May 12 unless Instructure agrees to “negotiate a settlement.” Instructure’s website experienced fluctuating availability, at times returning a “too many requests” error, while Canvas displayed notices of “scheduled maintenance.”
Instructure did not respond to TechCrunch’s request for comment at the time of reporting. The group ShinyHunters previously claimed responsibility for the initial hack and utilized a leak site to publicize the stolen data to extort Instructure.
The recent actions from ShinyHunters suggest an effort to increase pressure on Instructure and its customers to meet their demands. It remains unclear how the hackers compromised the login pages, with a ShinyHunters representative stating that this incident constitutes a second, separate breach.
Following the initial breach, the hackers claimed to have stolen data from nearly 9,000 schools globally, affecting approximately 231 million individuals. ShinyHunters has a documented history of attacking various victims using a similar financially motivated strategy: hack, publicize, and extort.
