Instructure Data Breach Exposes Student Data to ShinyHunters
Key Takeaways
- ShinyHunters stole student names, email addresses, and teacher-student messages from Instructure's Canvas platform
- Hackers claim 275 million people and nearly 9,000 schools were affected, though these numbers are unverified
- Instructure says passwords and other sensitive data types were not compromised in the breach
Instructure, the company behind the widely used Canvas learning management system, has confirmed that hackers stole students' private information in a data breach. The ShinyHunters hacking and extortion gang claimed responsibility.
The stolen data includes student names, personal email addresses, and messages exchanged between teachers and students. Instructure confirmed these categories match what the company knows was taken.
ShinyHunters shared a sample of the stolen data with TechCrunch. The sample contained records from two U.S. schools, one in Massachusetts and one in Tennessee. The Massachusetts school's data included messages with names, email addresses, and some phone numbers. The Tennessee school's data had students' full names and email addresses.
Scope of the Breach Remains Unclear
On its data leak site, ShinyHunters claims the breach affected close to 9,000 schools worldwide and 275 million people. That count allegedly includes students, teachers, and other staff. In a chat with TechCrunch, a group member said the stolen data contains 231 million unique email addresses.
These numbers cannot be independently verified. Financially motivated hacking groups are known to exaggerate their claims to attract media attention and pressure victims.
Instructure says on its website that it serves more than 8,000 institutions. ShinyHunters shared a list of about 8,800 schools allegedly affected. TechCrunch could not confirm whether all listed institutions were actually compromised or even Instructure customers.
Logicity's Take
What Instructure Says Was Not Compromised
The data sample TechCrunch reviewed did not contain passwords. Instructure has stated that passwords and certain other data types were not affected by the breach. The company has not specified which other categories remained secure.
Instructure spokesperson Kate Holmes declined to answer TechCrunch's questions about the incident. She directed inquiries to the company's official page where it is publishing breach updates.
As of Tuesday, Instructure said some products, including Canvas, were restored for customers after maintenance. The company has not clarified whether this maintenance was directly related to the breach response.
ShinyHunters' Recent Activity
Instructure is the latest corporate target for ShinyHunters. The group has focused on universities and cloud database companies in recent months. Their pattern: steal large volumes of personal information, then threaten to publish it online unless the company pays a ransom.
Canvas is Instructure's flagship product. The platform lets educational institutions manage coursework, assignments, and student communication. Both schools in the leaked sample appeared to use Canvas based on information from their websites.
How major tech companies are handling external security and safety reviews
What Schools Should Do Now
Educational institutions using Canvas should monitor Instructure's official updates page for breach disclosures. If your institution receives notification that it was affected, communicate clearly with students and parents about what data may have been exposed.
- Check Instructure's official breach update page for your institution's status
- Alert users that their email addresses may be used in phishing attempts
- Review any messages sent through Canvas that contained sensitive information
- Consider whether phone numbers shared in Canvas messages need additional protection
The stolen messages between teachers and students present a particular risk. These communications may contain personal details beyond what's in a typical database record.
Frequently Asked Questions
Were passwords stolen in the Instructure breach?
No. Instructure says passwords were not affected, and the data sample reviewed by TechCrunch did not contain passwords.
How many schools were affected by the Instructure hack?
ShinyHunters claims nearly 9,000 schools were affected. Instructure has over 8,000 institutional customers. The exact number of affected schools has not been independently verified.
What data was stolen in the Instructure data breach?
Student names, personal email addresses, and messages between teachers and students were confirmed stolen. Some phone numbers were also in the leaked sample.
Who is ShinyHunters?
ShinyHunters is a hacking and extortion gang that steals data from companies and threatens to publish it unless victims pay a ransom. They have recently targeted universities and cloud database companies.
Is Canvas safe to use after the breach?
Instructure says Canvas has been restored after maintenance. However, institutions should monitor official updates and assume previously shared data may be compromised.
Need Help Implementing This?
Source: TechCrunch / Lorenzo Franceschi-Bicchierai
Huma Shazia
Senior AI & Tech Writer
اقرأ أيضاً
رأي مغاير: كيف يؤثر اختراق الأمن الداخلي الأميركي على شركاتنا الخاصة؟
في ظل اختراق عقود الأمن الداخلي الأميركي مع شركات خاصة، نناقش تأثير هذا الاختراق على مستقبل الأمن السيبراني. نستعرض الإحصاءات الموثوقة ونناقش كيف يمكن للشركات الخاصة أن تتعامل مع هذا التهديد. استمتع بقراءة هذا التحليل العميق
الإنسان في زمن ما بعد الوجود البشري: نحو نظام للتعايش بين الإنسان والروبوت - Centre for Arab Unity Studies
في هذا المقال، سنناقش كيف يمكن للبشر والروبوتات التعايش في نظام متكامل. سنستعرض التحديات والحلول المحتملة التي تضعها شركات مثل جوجل وأمازون. كما سنلقي نظرة على التوقعات المستقبلية وفقًا لتقرير ماكنزي
إطلاق ناسا لمهمة مأهولة إلى القمر: خطوة تاريخية نحو استكشاف الفضاء
تعتبر المهمة الجديدة خطوة هامة نحو استكشاف الفضاء وتطوير التكنولوجيا. سوف تشمل المهمة إرسال رواد فضاء إلى سطح القمر لconducting تجارب علمية. ستسهم هذه المهمة في تطوير فهمنا للفضاء وتحسين التكنولوجيا المستخدمة في استكشاف الفضاء.