Instructure says it reached an agreement with ShinyHunters after the group stole and then returned data from a breach affecting its Canvas LMS, which serves over 30 million users across 8,000 schools and universities. The attack exploited Free-for-Teacher and Canvas XSS flaws to steal information and deface login portals, and Instructure says no customers will be extorted. #Instructure #Canvas #ShinyHunters
Keypoints
- ShinyHunters stole data from Instructureβs Canvas environment.
- The stolen data included usernames, emails, course names, enrollment details, and messages.
- Instructure says ShinyHunters returned the data and provided shred logs.
- The attackers exploited Free-for-Teacher and Canvas XSS vulnerabilities.
- Instructure shut down Free-For-Teacher accounts and restored Canvas service.