Instructure disclosed a data breach on Tuesday involving the theft of students’ private information, including names, personal email addresses, and messages between teachers and students. The company has now faced a second breach where hackers defaced several schools’ login pages for its Canvas platform, which serves to manage coursework and assignments.
The cybercrime group ShinyHunters claimed responsibility for this latest incident, altering the login screens of Canvas at three separate schools to display a threatening message. The message stated that the hackers would publish the stolen data on May 12 unless Instructure engages in “negotiating a settlement.”
As of now, Instructure’s website appeared partially functional, intermittently reporting a “too many requests” error. The Canvas portal indicated it was “currently undergoing scheduled maintenance.”
This recent attack follows the group’s earlier claims of responsibility for the initial breach. ShinyHunters had previously utilized a leak site to publicize the stolen data, exerting pressure on Instructure to secure a ransom payment to prevent the data from being released. This new breach seems to indicate heightened pressure on Instructure and its clients, as the hackers also communicated about the defacement to TechCrunch.
ShinyHunters claimed to have compromised nearly 9,000 schools globally, asserting that the stolen files contain information on approximately 231 million individuals. The group has built its reputation on a financially motivated strategy, employing a method of hacking, publicizing the data, and subsequently extorting the victims.
When questioned about the specific methods used to breach the login pages, a ShinyHunters member declined to comment but confirmed it was a separate breach from the initial data theft.
