Kelvinjay/Getty Images ShinyHunters, the extortion group that infiltrated cloud-based educational tech provider Instructure, claims to have stolen data from 8,809 schools around the world. Instructure is mostly known for Canvas, its cloud-based management system used by educational institutions to host course websites and readings, grade assignments, and provide discussion boards, among other uses. The bad actors said they have stolen 280 million records from teachers, students and staff members. They have shared record counts with BleepingComputer, who said that ShinyHunters stole tens of thousands to several million pieces of data per institution.
BleepingComputer didn't name the schools and institutions that were affected, but some students found out theirs were when they couldn't log into their Canvas accounts. TechCrunch says it has seen the defaced login portals of three schools, showing messages that the hackers will publish their stolen data on May 12 if Instructure does not "negotiate a settlement." ShinyHunters told the publication that the defaced logins was made possible by a second, separate breach.
The Harvard Crimson has reported that the university's students lost access to Canvas at 3:30PM on May 7, and that the website redirected to a message from ShinyHunters. The message said that the group had breached Instructure "again" and advised affected schools to negotiate a settlement by May 12 if they don't want data stolen from their teachers and students to be leaked. University of California Irvine's campus newspaper also reported that its students started receiving pop-up notices with the same message from the hackers on Thursday.
Instructure confirmed that it suffered a data breach a few days ago, admitting that the hackers stole names, email addresses, student ID numbers and even messages exchanged between users. It said at the time that it found no evidence of passwords, dates of birth, government identifiers or financial information being stolen. The company rolled out patches for the first incident and shut down Canvas for hours after the warning notices started showing up for students on May 7.
