Instructure Reaches Agreement with Hackers to Secure Stolen Canvas Data
The company behind the Canvas platform says it has secured the return of stolen data following a breach by the ShinyHunters group.
En resumen
- Instructure has reached an agreement with the ShinyHunters hacking group to prevent the leak of 3.5 terabytes of stolen student data.
- While the company did not explicitly confirm a ransom payment, it claims the data has been returned and destroyed.
Resumen generado por IA
Por qué importa
Instructure is the provider of the Canvas learning management system, which is widely used in educational institutions. The company recently faced a security breach involving the exploitation of 'Free-For-Teacher' accounts.
Instructure, the company behind the Canvas learning management platform, says it has “reached an agreement” with hackers that breached its systems last week to prevent stolen data from being leaked online.
The ShinyHunters hacking group claimed responsibility for the attack before Canvas was briefly taken offline. The group threatened to publish 3.5 terabytes of student data if ransom demands for a “settlement” weren’t met. Now, Instructure says the stolen data has been returned as part of its unspecified “agreement” with the hackers, alongside a promise that “no Instructure customers will be extorted as a result of this incident.”
“We understand how unsettling situations like this can be, and protecting our community remains our top priority,” Instructure said in its latest statement. “With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident.”
Instructure doesn’t explicitly say that it paid ShinyHunters, but this update certainly suggests as much. Ransom payments can go towards funding further ransomware attacks and there’s no guarantee that the hacking group will uphold its side of the bargain. Instructure said it had received proof that the stolen data had been destroyed, and that its agreement covers all customers impacted by the breach.
“While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible. We continue to work with expert vendors to support our forensic analysis, further harden our environment, and conduct a comprehensive review of the data involved.”
Most Canvas systems have since been restored, and Instructure is planning to share more information about the attack in a webinar tomorrow. Last week, Instructure said hackers had exploited Free-For-Teacher accounts to breach its systems, and responded by temporarily shutting down those accounts. Instructure has not announced when access to Free-For-Teacher accounts will be restored.
Qué observar
Perspectiva de IA — posibilidades, no hechos
Instructure will face increased scrutiny from regulators regarding their data security practices.
Probable · En meses
The company will announce a timeline for the restoration of Free-For-Teacher accounts during the upcoming webinar.
Probable · En días
Preguntas abiertas
- Was a ransom payment made to the hackers?
- When will Free-For-Teacher accounts be restored?
- What specific data was contained in the 3.5 terabytes?
