ZDNET’s key takeaways
- Canvas faced a cyberattack this week.
- Numerous students are currently locked out of the widely used learning platform.
- Instructure confirms data was taken; here’s what Canvas users need to do now.
Canvas is currently dealing with a cyberattack and extortion scheme orchestrated by a notorious hacking group that alleges it has pilfered student data. If you use Canvas, there are protective steps you can take immediately.
What is Canvas?
Canvas is a Learning Management System (LMS) developed by Instructure, an edtech firm based in Salt Lake City that was established in 2008.
Built for online education, Canvas is utilized by thousands of educational institutions for creating and managing classes, grading, providing feedback, and submitting assignments. Instructure reports that the platform now serves tens of millions of users, including students and parents, with 27 million mobile app downloads. Canvas is accessible in more than 100 countries.
What happened?
Despite Canvas advertising a 100% uptime guarantee on its site, Instructure’s CISO Steve Proud stated last week that the platform had “recently experienced a cybersecurity incident carried out by a criminal threat actor.”
The company launched an investigation. On May 6, Proud mentioned that the company felt the incident had been “contained,” though some data might have been compromised — and it wasn’t long before students started reporting login problems.
On Thursday, May 7, Canvas login screens were vandalized, with ransom messages allegedly posted by the ShinyHunters group as they shifted from stealing data to public extortion. Students attempting to sign in couldn’t reach their coursework, likely a calculated move by the hackers to pressure Instructure into paying, especially with final exams approaching.
In response, Canvas showed a maintenance mode page, a decision that faced criticism.
The hackers’ ransom note, which has since spread online, requires Instructure to get in touch with the group by May 12.
“ShinyHunters has breached Instructure (again),” the note states. “Instead of reaching out to us to fix it, they ignored us and applied some ‘security patches.’”
While access has reportedly been restored for most users, with the deadline looming, this situation may not be over yet.
What is ShinyHunters?
ShinyHunters is a gang of cybercriminals known for extorting companies for money. Since gaining notoriety in 2020 through a series of major corporate breaches, the group’s modus operandi has been to silently break into a target organization, steal data, and then publicly pressure the victim into paying a “settlement.”
Frequently linked to massive data breaches, ShinyHunters, like many other cybercriminal outfits, runs a “leak site.” These are public websites that list supposed victims and the data taken, often alongside a payment demand.
If a victim doesn’t comply, the stolen information might be released. Getting the victim’s name taken off the leak site can also be part of the negotiation.
What information was stolen?
ShinyHunters has threatened to release data belonging to roughly 275 million students from 8,800 schools if their demands aren’t met.
According to Instructure, the compromised data may include:
- Names
- Email addresses
- Student ID numbers
- Messages between users
“Currently, we have found no evidence that passwords, dates of birth, government IDs, or financial details were involved,” Instructure noted. “If that changes, we will alert any affected institutions.”
Instructure’s response
It remains unclear whether Instructure has engaged with ShinyHunters. Instructure stated it is currently “not seeing any ongoing unauthorized activity.”
The company has revoked privileged credentials and access tokens linked to the impacted systems, applied security patches — though no specific vulnerability details have been shared yet — and rotated security keys. Instructure also mentioned it has increased monitoring across its services.
“As a precaution, we suggest customers follow security best practices, such as enforcing MFA on privileged accounts, reviewing admin access, and rotating API tokens or keys where necessary,” the company added.
6 steps to take immediately
- School updates: Since this security breach appears to impact thousands of schools and academic bodies, contact your institution or check its website and communication channels for the latest information.
- Passwords: Whenever you think you might be part of a data breach, the first step is to change the password for your account. If you use that same password for other online services, update those as well. If the ransomware group publishes stolen data and it includes login details, those could be made public. Consider using a password manager to generate strong passwords and to get alerts about data leaks.
- Have I Been Pwned: It’s still too early for this breach and any potential data leak to show up on Have I Been Pwned, but we suggest checking this site regularly to see if you’ve been part of any online data breaches. It’s free, and all you need to do is search using your email address.
- Enable 2FA/MFA: If you haven’t already, turn on two-factor or multi-factor authentication for your related accounts.
- Monitor your email: If Canvas follows proper procedures, it should notify users if their data has been compromised — stay alert for any updates.
- Watch out for phishing: If stolen email addresses or contact info are leaked, they could be used in targeted phishing attacks, so be cautious with any messages that seem to be from your school or Canvas. If you spot signs of phishing — like odd grammar, fake email addresses, or requests to click suspicious links or open attachments — verify the message by phone or another method first.
ZDNET has contacted Instructure, and we will provide an update if we receive a response.



