Instructure confirmed a cybersecurity incident after the ShinyHunters extortion gang claimed to have stolen and listed its data on a leak site. The company says identifying information and private messages may have been exposed, it patched the vulnerability, rotated application keys, and is requiring customers to re-authorize API access while investigations continue. #Instructure #ShinyHunters
Keypoints
- ShinyHunters claims the breach includes hundreds of millions of records and data from thousands of institutions worldwide.
- Instructure reported exposure of names, email addresses, student ID numbers, and private messages among users.
- The company says it has found no evidence yet that passwords, dates of birth, government identifiers, or financial information were involved.
- Instructure deployed patches, increased monitoring, rotated application keys, and requires customers to re-authorize API access.
- Independent confirmation of which schools or how many individuals were impacted remains pending as investigations continue.