Instructure Cuts Deal with Hackers to Stop Data Leak
Canvas LMS maker Instructure makes pact with ShinyHunters, but questions remain.
Instructure, the company behind the widely used Canvas learning management system, cut a deal with the notorious ShinyHunters extortion group. The goal? Stop a massive data leak from going public.
It's a bid to safeguard information belonging to over 30 million educators and students across more than 8,000 institutions worldwide. That's a lot of data.
The Agreement: Data Back, But What's the Cost?
Instructure confirmed the deal in a statement. ShinyHunters returned the stolen data. Even provided logs, Instructure says, showing it was destroyed. No customers would face extortion, the company assured. They called the agreement a "step" toward protecting their community.
But here's the thing: paying off hackers doesn't necessarily make problems go away. The FBI has warned for years that a ransom payment is no guarantee against future extortion or data resale.
How They Got In
How'd they get in? ShinyHunters apparently exploited a vulnerability in the Free-for-Teacher Canvas LMS. They used cross-site scripting (XSS) flaws. Gained admin access. Defaced login portals with ugly extortion messages. Just another reminder of how vulnerable these digital education platforms really are.
Instructure quickly shut down those free accounts. Now they're scrambling to patch the holes and prevent a repeat.
ShinyHunters' Rap Sheet
ShinyHunters isn't new to this. They've hit big names before: Google, Cisco, you name it. This Instructure attack? It involved a massive 3.6 terabytes of uncompressed data. A pretty stark reminder of the data security headaches facing edtech, huh?
Still Unclear:
- What exactly did Instructure agree to? We don't know the terms.
- How will Instructure actually secure its systems now? Still pretty vague.
- And for those Free-for-Teacher users? Their long-term future is up in the air.
Why This Matters:
So, why does any of this matter? It's another glaring example of just how vulnerable edtech really is. More digital platforms mean more risk. Simple as that. This whole thing? It's a loud warning shot. Protect that sensitive student data. Period.
Hardware keys and password managers used by security pros.
Shop security gear →More from Security
TeamPCP's Supply-Chain Attack Compromises 400+ NPM, PyPI Packages for Dev Credentials
More than 400 NPM and PyPI packages have been compromised by TeamPCP. This widespread supply-chain attack aims for developer credentials. Act fast.
FCC Extends Waiver for Foreign Router Updates Until 2029
The FCC's decision allows foreign routers on the Covered List to get software updates until 2029, easing potential consumer harm.
GM Agrees to $12.75M Settlement Over Driver Data Sales in California
GM strikes a $12.75M deal with California over claims of illegal driver data sales, spotlighting privacy enforcement.
Checkmarx Jenkins Plugin Compromised by TeamPCP Malware
TeamPCP infiltrated Checkmarx's Jenkins AST plugin with credential-stealing malware. Users should rotate secrets and check for breaches.
Don’t miss these
Film Crews Are Swapping iPads for E-Readers. Seriously.
Forget the iPad. For quick notes and script changes on a busy film set, the Onyx Boox Tab Ultra C delivered a paper-like feel and astonishing battery life, making it a dark horse for production pros.
Heise Academy's Guide to Safe GPT Use for Businesses
Companies are wrestling with AI. A new guide from Heise Academy explains how to adopt GPT safely, scale it, and plug it into existing workflows without chaos.
Forza Horizon 6 Leak: Not Steam's Fault, Devs Blame Early Access
That big Forza Horizon 6 leak? Not Steam. Playground Games points to early access folk – reviewers, influencers – as the likely source.
Microsoft Promises Fewer Windows 11 Update Headaches by 2026
Microsoft just detailed a major overhaul for Windows 11 updates, promising users more control, less downtime, and a smoother experience by 2026.
Instagram Tests Per-Slide Captions for Carousels
Instagram is reportedly testing a new feature allowing separate captions for each slide in carousel posts. It's a small tweak, sure, but it could seriously change how content is made and consumed.
Philips Launches HDMI Sync Box 2.1 with 8K Support in June 2026
Philips introduces the HDMI Sync Box 2.1 for 8K and 4K displays. Set for release in June 2026, it aims to transform home lighting integration.