"Twice this month, a group called ShinyHunters launched cyberattacks on Canvas, a cloud-based platform for classrooms run by Salt Lake City-based company Instructure, as CNN reports. The first attack reportedly occurred on May 1, which the company resolved over the next few days with security patches. After the second attack on Thursday, students from almost 9,000 schools across the world tried to log onto their school's platforms and were met with a note from the hackers declaring the data of 275 million individuals had been breached, including private messages, according to KQED."
"The group said it would release the students' information if it didn't receive its ransom by May 12. The California State University system posted updates about the incident, noting that the platform was down for about 20-30 minutes on May 4. The following day, CSU received a message from Instructure informing them that the group had breached the system and accessed usernames, email addresses, and student ID numbers in late April."
"The company reportedly told its clients that there is no evidence that passwords, Social Security numbers, financial information, or other highly sensitive data were compromised. In addition to the CSU and University of California systems, other local universities that utilize Canvas include Stanford University and Peralta Community College District. Per CNN, Columbia University, Rutgers, Princeton, Kent State, Harvard, and Georgetown are also clients."
"Students were warned not to click on any links on the website during the attack. A report page on Instructure's site said the platform was in maintenance mode Thursday."
Canvas, used by thousands of schools worldwide, was targeted by hackers who demanded ransom and threatened to release students’ data. A first attack on May 1 was addressed with security patches over the following days. A second attack caused widespread login issues for students at nearly 9,000 schools, with a hacker message claiming 275 million individuals were breached and that private messages were included. The hackers demanded payment by May 12. California State University reported brief platform downtime and later received notice that the attackers accessed usernames, email addresses, and student ID numbers in late April. Instructure stated there was no evidence that passwords, Social Security numbers, financial information, or other highly sensitive data were compromised. Students were advised not to click links during the incident.
Read at sfist.com
Unable to calculate read time
Collection
[
|
...
]