The widely-used learning management platform, Canvas, owned by Instructure, has recently experienced significant disruptions following a substantial data breach. This breach has compromised sensitive information, including student names, email addresses, ID numbers, and messages. On Thursday, students attempting to access the platform were greeted with a message from the notorious hacking group, ShinyHunters, who have taken responsibility for the attack.
This alarming message also contained a link to a list of schools that ShinyHunters claim to have infiltrated through Canvas. The implications of this breach are far-reaching, affecting numerous educational institutions and their students.
In response to the breach, Instructure has proactively placed Canvas, along with its Beta and Test environments, into maintenance mode. As noted on their status page, the company is working diligently to restore access and promises to provide updates as soon as progress is made.
Last week, Instructure announced that it had implemented patches aimed at bolstering system security in the wake of the breach. The hacking group ShinyHunters, which has previously claimed responsibility for attacks on major entities like Ticketmaster, AT&T, Rockstar Games, ADT, and Vercel, asserts that its data leak site hosts information from approximately 9,000 schools. This data reportedly includes details of 275 million students, teachers, and other staff, as reported by Bleeping Computer.
Update, May 7th: Instructure has provided additional communication regarding the maintenance mode status of Canvas.
Update, May 7th: Added Infrastructure’s maintenance mode message.
