In a recent development, education technology leader Instructure has encountered another cybersecurity incident. After previously revealing a data breach that compromised students' private information, including names and personal email addresses, the company is now dealing with a defacement of several school login pages for its Canvas platform.
Canvas serves as a vital tool for educational institutions, enabling them to manage coursework, assignments, and communication between students and teachers. However, hackers from the cybercrime group ShinyHunters have reportedly altered the login screens of three different schools, injecting HTML code that displayed their message.
The hackers have threatened to release the stolen data on May 12 unless Instructure engages in negotiations. Currently, Instructure's website appears to be partially functional, with users occasionally encountering a "too many requests" error. The Canvas portal has also displayed a notice about scheduled maintenance.
While Instructure has not provided a comment on the situation, the ongoing challenges highlight the growing need for robust cybersecurity measures in educational technology. The original breach had already impacted nearly 9,000 schools globally, with the stolen files allegedly containing information on 231 million individuals.
The modus operandi of ShinyHunters has been consistent, focusing on hacking, publicizing, and extorting. This latest incident, coupled with their proactive communication with TechCrunch about the defaced login pages, suggests an escalation in their tactics to pressure Instructure and its users.
As educational institutions increasingly rely on digital platforms, the implications of such breaches could be profound, emphasizing the necessity for enhanced security protocols and a collective effort to safeguard sensitive information.
