Instructure breach update: ShinyHunters claim second hack, deface school websites
Source: Mashable Tech
Background
ShinyHunters, the hacking and extortion collective, previously breached Instructure – the ed‑tech company behind the Canvas learning management system – stealing data connected with nearly 9,000 schools worldwide. The original breach, reported by Mashable, involved information belonging to an estimated 275 million Instructure users, including names, email addresses, student IDs, and private Canvas messages.
Recent Defacement
According to a report from TechCrunch, ShinyHunters defaced Canvas login pages for several schools this week. The attackers injected an HTML file displaying a message that threatened to publicly release the stolen data on May 12 unless Instructure “negotiates a settlement.” At least three school login pages were observed with this message.
Instructure confirmed that the same actors responsible for the earlier breach were behind this second incident, which targeted a different part of its infrastructure.
Impact and Response
- Service disruption: Instructure temporarily took Canvas offline while investigating the breach.
- Root cause: The hackers exploited an issue related to the company’s Free‑For‑Teacher accounts. These accounts have been temporarily disabled, and Canvas access has been restored for users.
- Data at risk: The stolen data from the original breach includes personal information for students, teachers, and staff across 8,809 schools worldwide.
ShinyHunters’ demand for a “settlement” follows a pattern of extortion attempts by the group.
ShinyHunters’ History of Breaches
ShinyHunters has claimed responsibility for data breaches at several high‑profile companies, including:
These incidents illustrate the group’s ongoing focus on extorting organizations by threatening to release compromised data.