The Canvas Website Has Been Hacked and Appears to Be Holding a Ransom.

Posted on by

The Canvas learning management system, a cloud-based platform used by over 8,000 colleges and universities, including all ten top US colleges, is being held hostage and held ransom. The group Shinyhunters claimed responsibility for the hack and gave Canvas’s parent company, Instructure , until May 12 to reach an agreement or “all information will be disclosed.”

Canvas outages are being reported across the country.

There’s no information yet on the number of affected institutions, but reports of Canvas outages are coming in from universities and colleges across the country . In the last half hour, the number of Canvas outage complaints on the Down Detector website has grown from almost zero to over 8,000.

Photo: Steven Johnson

A similar data breach at Instructure occurred in late April or early May, and the company confirmed that names, email addresses, student ID numbers, and private messages exchanged between users were exposed by Shinyhunters, but said there was no evidence that passwords, birthdates, Social Security numbers, or financial information were compromised.

You may also like

Instructure updated its software on May 2, stating that it had released patches , increased monitoring, and taken other measures to minimize the damage. This was referenced by ShinyHunters users in a message left for Canvas users:

What do you think at the moment?

Photo: Steven Johnson

A group of hackers claimed that a previous attack compromised more than 3 terabytes of data, affecting 275 million students, faculty, and others at nearly 9,000 educational institutions. Time will tell how widespread this latest breach will be.

What should I do if I’m affected by a Canvas outage?

While the threat appears to be mitigated, here are some steps students and faculty can take to improve the security of their digital data in Canvas.

  • Change your password : If you can log in, change your Canvas password. If you use the same password for banking, email, and other resources, change it for those as well.

  • Enable multi-factor authentication (MFA) : This will add an extra layer of security.

  • Beware of phishing emails : If email addresses have been compromised, hackers may send targeted emails to students. Be suspicious of any messages asking you to install software or share account information.

  • Monitor your credit history : It’s unknown whether financial information was compromised in the hack, but checking your credit history won’t hurt.

More…

Tech

Leave a Reply