Canvas owner reaches ‘agreement’ with hackers to secure stolen data
Source: The Verge
Instructure reaches agreement with hackers
Instructure, the company behind the Canvas learning management platform, says it has reached an agreement with the hackers who breached its systems last week to prevent stolen data from being leaked online.
The ShinyHunters hacking group claimed responsibility for the attack before Canvas was briefly taken offline. The group threatened to publish 3.5 terabytes of student data if ransom demands for a “settlement” weren’t met. Instructure now states that the stolen data has been returned as part of its unspecified “agreement” with the hackers, along with a promise that “no Instructure customers will be extorted as a result of this incident.”
“We understand how unsettling situations like this can be, and protecting our community remains our top priority,” Instructure said in its latest statement. “With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident.”
Details of the breach and the agreement
Instructure does not explicitly confirm that it paid ShinyHunters, but the update suggests a financial component. Ransom payments can fund further ransomware attacks, and there is no guarantee the hacking group will uphold its side of the bargain. Instructure said it received proof that the stolen data had been destroyed (raising the question of how that data was also “returned”), and that the agreement covers all customers impacted by the breach.
“While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible. We continue to work with expert vendors to support our forensic analysis, further harden our environment, and conduct a comprehensive review of the data involved.”
Current status and next steps
Most Canvas systems have since been restored, and Instructure plans to share more information about the attack in a webinar. Last week, the company said hackers had exploited Free‑For‑Teacher accounts to breach its systems and responded by temporarily shutting down those accounts. Instructure has not announced when access to Free‑For‑Teacher accounts will be restored.