ShinyHunters has reportedly exploited a vulnerability in Instructure to deface Canvas login portals for about 330 schools and universities, using the takeover to threaten the release of stolen data. Instructure has taken Canvas offline while investigating the attack, which follows claims that 280 million student and staff records were stolen from its learning management system. #ShinyHunters #Instructure #Canvas #UniversityofTexasatSanAntonio
Keypoints
- ShinyHunters defaced Canvas login pages at hundreds of educational institutions.
- The group threatened to leak stolen data unless a ransom is negotiated by May 12.
- The defacement affected around 330 schools and also appeared in the Canvas app.
- Instructure took Canvas offline while responding to the latest cyberattack.
- The attack follows claims of data theft involving 280 million student and staff records.