Instructure Faces Scrutiny Over ShinyHunters Ransomware Attack and Data Settlement
-
Which probably means Instructure has paid the hacking group. The ShinyHunters hacking group claimed responsibility for the attack before Canvas was briefly taken offline. The group threatened to publish 3.5 terabytes of student data if ransom demands for a “settlement” weren’t met. Now, Instructure says the stolen data has been returned as part of its unspecified “agreement” with the hackers, alongside a promise that “no Instructure customers will be extorted as a result of this incident.”
Compare 7 other versions
Wired“We are doing petty shit now,” Muneeb says. Instructure, the company behind the educational software Canvas, said on Monday that it had reached a deal with the hackers calling themselves ShinyHunters who had disrupted Canvas across thousands of US schools and posted ransom messages on victims’ screens. In a message on its website, the company wrote that it “reached an agreement with the unauthorized actor involved in this incident.” The statement went on to claim that the data stolen by the hackers in their breach—including records of 275 million students, according to the hackers—had been “returned” to Instructure, had been destroyed on the hackers’ own systems, and that no Instructure customers would be further extorted.
ZDNetOn Thursday, May 7, Canvas login interfaces were defaced, with ransom notes reportedly posted by the ShinyHunters group as it moved from data theft to public extortion. Students who tried to log in were unable to access their course materials, likely a deliberate attempt by the cyberattackers to put pressure on Instructure to pay up, with finals just around the corner.
EngadgetInstructure confirmed that it suffered a data breach a few days ago, admitting that the hackers stole names, email addresses, student ID numbers and even messages exchanged between users. It said at the time that it found no evidence of passwords, dates of birth, government identifiers or financial information being stolen. The company rolled out patches for the first incident and shut down Canvas for hours after the warning notices started showing up for students on May 7.
TechCrunchEducation tech giant Instructure has confirmed a data breach affecting students’ private information. The hacking and extortion gang ShinyHunters claimed responsibility for the breach.
GizmodoThis Thursday, May 7th, deep in the throes of finals week, students at The University of Pennsylvania, Virginia Tech, Duke, and elsewhere ran into trouble while attempting to use Canvas, the educational software employed by thousands of schools and universities around the world. In the place of the usual Canvas dashboard, students were instead greeted with a ransom message from the notorious black-hat hacker group ShinyHunters.
CNETInstructure revealed this week that it had reached a deal with the hacker group ShinyHunters, under which the hackers would destroy copies of user data and agree not to extort users. ShinyHunters had hacked the platform first in April and again last week, and claimed to have targeted thousands of universities and school districts.
Ars TechnicaSchools and colleges scramble A ransomware group known as ShinyHunters claimed responsibility for the breach on its dark web site. It claimed the data it took came from 275 million people associated with 8,800 schools.
-
Now the House committee's chair, Rep. Andrew Garbarino, is examining whether Instructure's coordination with CISA was adequate in this situation. In a letter sent to Instructure CEO Steve Daly, Garbarino, a New York Republican, demanded to know how the company was hacked more than once. The House committee also wants more specific information about the types of sensitive information stolen during the hack.
Compare 1 other version
TechCrunchThe committee seeks Daly’s testimony to address how hackers repeatedly broke into Instructure’s systems, and to disclose the types of data that were taken, Garbarino said in the letter, which cites TechCrunch’s reporting. The letter also says lawmakers want to know how the company is responding to the attacks and notifying affected schools, and seek to examine the adequacy of its coordination with CISA.
-
Instructure cautioned affected Canvas users against individual attempts to contact or bargain with the ShinyHunters group, saying its agreement "covers all impacted Instructure customers."
-
Its previous targets largely consist of large tech companies like Microsoft, Cisco and AT&T, but the hackers have also ransomed information from insurance companies, credit unions and other institutions that handle sensitive data.
-
Instructure asked customers to continue monitoring their accounts, though its external forensic partner has "found no evidence that the threat actor currently has access to the platform."
-
The message says the hackers will publish the stolen data on May 12 if the company does not “negotiate a settlement.”
Compare 1 other version
ZDNetThe hackers' ransom note, which has since circulated online, demands that Instructure contact the group by May 12.
6 details only one outlet reported
Independent claims that didn't surface elsewhere in our corpus. Treat as supplementary — not corroborated across outlets.
-
01 Wired The worst part of your iPhone getting stolen may not be the theft itself. Instead, it’s the phishing attacks waged against people in your contacts. New research this week shows that there’s a thriving ecosystem for tools that let criminals unlock iPhones and target the phone numbers they find inside.
-
02 CNET "It's a very worrying example to see such a high-profile incident result in a payment, especially when acknowledged by the victim company in this fashion," said Troy Hunt, founder and CEO of Have I Been Pwned, a website that keeps track of password info exposed by data breaches. "Unfortunately, it's now a very clear example of how crime does pay, and it normalizes the pattern for future criminals and victims alike."
-
03 TechCrunch Financial terms of the agreement were not disclosed, and Instructure did not say how much it paid the hackers. Instructure spokesperson Brian Watkins did not respond to a request for comment, or answer questions about the agreement when contacted on Tuesday.
-
04 The Verge “We understand how unsettling situations like this can be, and protecting our community remains our top priority,” Instructure said in its latest statement. “With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident.”
-
05 ZDNet Canvas is a Learning Management System (LMS) from Instructure, a Salt Lake City-based educational technology company founded in 2008.
-
06 Gizmodo School-related nightmares are something of a universal experience across cultures and generations. Who among us hasn’t experienced a stressful dream where we’re suddenly thrust back into high school or college, about to take a major exam we’ve not prepared for, or staring down the barrel of some other scholastic catastrophe? Students at many American universities just went through a waking educational nightmare that will undoubtedly haunt their dreams long after graduation.
Fact Corroboration
Which sources independently confirm the same facts. Hover a claim to see its sources, or a source to see what it corroborates.
Coverage by Perspective
Source Similarity
Connections show how similarly each outlet covered this story. Thicker lines = more similar framing.
Sources (8)
- techcrunch
- gizmodo
- verge
- cnet
- wired
- arstechnica
- zdnet
- engadget