"Instructure develops the software and an entry on its Status Page dated May 2 features Chief Information Security Officer Steve Proud stating the org "recently experienced a cybersecurity incident perpetrated by a criminal threat actor." "We are actively investigating this incident with the help of outside forensics experts. We are working quickly to understand the extent of the incident and actively taking steps to minimize its impact," he added."
"Numerous posts report that attempts to log into Canvas earlier this week failed, but did produce a notice from an entity claiming to be the notorious hacking crew ShinyHunters, who claimed the outage was only possible due to lax patching. The crew also claimed to have stolen data from institutions that use Canvas and threatened to leak it unless a "settlement" is reached by May 12."
"Canvas has thousands of customers, meaning any confirmed breach could have wide impact. As of Thursday evening US time, Canvas says its wares are now available "for most users" and won't offer further comment. A student of The Register's acquaintance - OK, one of my kids - shared an email advising that his uni has prevented access to Canvas while it tries to understand the situation and the risk of data leakage."
"We've seen multiple universities posting notices about the incident that say more or less the same thing. Most also warn students of heightened phishing risk and urge caution. Several also advise that as they require students to lodge assignments in Canvas, students can assume they have an extension on deadlines."
Instructure’s Canvas learning platform experienced a cybersecurity incident attributed to the criminal threat actor ShinyHunters. Instructure reported that it was investigating with outside forensics experts and working to understand the incident’s scope while minimizing impact. Reports indicated login attempts failed and users received notices claiming the outage resulted from lax patching. ShinyHunters also claimed to have stolen data from institutions using Canvas and threatened to leak it unless a settlement was reached by May 12. Canvas has many customers, so a confirmed breach could affect a wide range of schools and universities. Instructure later stated the service was available for most users and universities warned about phishing risk and assignment deadline extensions.
Read at theregister
Unable to calculate read time
Collection
[
|
...
]