Cybercriminals associated with the group ShinyHunters have announced they stole data from almost 9,000 educational institutions worldwide. The breach involves Instructure, a popular cloud-based platform used by schools to manage courses, grades, and student communication. This incident raises concerns about data security in the education sector and how vulnerable school systems really are.

Details of the Data Breach

ShinyHunters states they stole about 280 million records from Instructure, which includes information from teachers, students, and staff members. The hackers claim to have taken tens of thousands to millions of data points from each affected school. While Instructure confirmed the breach, it said no passwords, birth dates, government IDs, or financial info were stolen. Still, names, email addresses, student IDs, and messages exchanged on the platform were compromised.

The hackers have shared their record counts with cybersecurity news outlets, but they haven’t named the specific schools involved. Some students discovered they couldn’t log into their Canvas accounts, the platform used by many schools. The breach appears to have caused widespread disruptions, with affected schools seeing their online portals defaced or redirected to messages from the hackers.

Responses from Instructure and Affected Schools

Instructure acknowledged the breach and responded quickly by patching security vulnerabilities and temporarily shutting down Canvas to prevent further damage. The company also alerted users about the incident, reassuring them that no critical personal information like passwords or financial data had been stolen at the time.

Some institutions, including Harvard University and the University of California Irvine, reported disruptions. Harvard students saw their Canvas access redirected to a message from the hackers, warning of a potential data leak unless negotiations took place by May 12. Similarly, UC Irvine students received pop-up notices with the same warning. The hackers claimed they breached Instructure again, which prompted the platform to take emergency measures to secure its systems.

This incident highlights the ongoing challenges educational institutions face in protecting sensitive data. While Instructure acted swiftly, the scale of the breach shows how vulnerable even major tech providers can be. Educators and students alike are urged to remain vigilant and watch for any suspicious activity related to their online accounts.

Inspired by

• https://www.engadget.com/2167627/instructure-hack-schools/

Sources

• bleepingcomputer.com
• techcrunch.com
• thecrimson.com
• newuniversity.org
• bleepingcomputer.com