ShinyHunters has taken down Canvas, the Instructure-owned learning management platform used by millions of students, after claiming a second successful breach of the company's systems. The group exposed a message to users Thursday confirming they stole student names, email addresses, ID numbers, and private messages.
The attackers say Instructure ignored their initial contact and responded only with 'security patches,' a move ShinyHunters is now punishing publicly by defacing the platform itself. They are demanding affected schools reach out privately via TOX to negotiate before data is released.
The full story details which schools are on the affected list and what Instructure has officially confirmed so far. That gap between what the company says and what the attackers are claiming is where this gets worth reading.
[READ ORIGINAL →]