- ShinyHunters briefly hijacked login portals for ~330 institutions, posting ransom demands and threats
- The group extended its deadline to May 12, warning of full data leaks if no settlement is reached
- Instructure confirmed the earlier breach but maintains sensitive financial and ID data was not exposed
The Instructure cyberattack has apparently reached a new level as, in order to pressure victims into paying a ransom demand, ShinyHunters has defaced Canvas login portals for hundreds of colleges and universities.
Members of roughly 330 educational institutions were met with an entirely different “welcome” message when trying to log into the Canvas learning system following the next stage of the group’s attack.
“ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches’,” the message said. “If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by May 12 2026 before everything is leaked.”
Pushing the deadline
The defacement message was reportedly visible for roughly half an hour, before being pulled by Canvas’ team.
Instructure, the company behind the Canvas system, recently notified its users about suffering a cyberattack and losing sensitive customer data. Instructure said the crooks accessed “certain identifying information of users” at affected institutions, including names, email addresses, student ID numbers, and user communications.
At the same time, ShinyHunters added Instructure to their data leak site, claiming the attack affected nearly 9,000 schools and 275 individuals worldwide.
“Several billions of private messages among students and teachers and students and other students involved, containing personal conversations and other PII. Your Salesforce instance was also breached, and a lot more other data is involved.”
It seems Instructure wasn’t interested in negotiating with the miscreants, since earlier this week, they updated their site, name-dropped multiple high-profile universities, and pushed the deadline to May 7.
Now, the deadline seems to have been pushed again, this time to May 12.
Passwords, dates of birth, government identifiers, or financial information, were not involved, and the company revoked privileged credentials and access tokens associated with affected systems in order to mitigate the threat.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/BsnMKVyyNGEZMWVUsFD6vn-2560-80.jpg
Source link
