Mastodawn

Instructure, the company that operates Canvas, has confirmed that it addressed the incident directly. Based on the information they have shared, the data involved was returned to Instructure. They also received assurances that the data will not be further shared and confirmation that any copies were deleted. Instructure has stated that no schools or districts will be extorted as a result of this incident.

a high doom 6d ago

@cR0w how many assurances to equal one asshole?

@h2onolan Imagine the mindset that's satisfied with that assurance. What an enjoyable way to live as an individual.

a high doom 6d ago

@cR0w “when we said criminal earlier, that was a regrettable mistake. What we meant was partner. A trustworty professional partner who knows where my kids go to school and where the nursing home my mom lives is located”

@h2onolan you think people would do that dot png

@cR0w oh ffs... they paid a ransom?

@r0k Looks like it! Or maybe... they sent a really nice bouquet of flowers and it convinced SH to "assure" Canvas "the data will not be further shared and confirmation that any copies were deleted...?" 🤣 🤣 🤣 🎣
@cR0w

@pa @cR0w those honorable criminals, always keeping their word... so adorable

@r0k @pa giggles in LockBit

@r0k @cR0w I doubt it. They probably just said they did. They just shift blame if anything or anyone contradicts their narrative.

RossMadness 6d ago

@cR0w I'll never understand this logic. "How do you know the morally bankrupt cybercriminals actually got rid of your data?"

"They gave us a receipt."

Yeah...sure...

@rossmadness @cR0w it's never not amusing whenever i read about a big organisations suddenly becoming naive when dealing with morally bankrupt people.

As though as they somehow managed to get to become a multi-million company by just a bunch of "trust us bro"

ROTOPE~1 ⭐️6d ago

@rossmadness @cR0w hold onto that receipt, it's a deductible business expense

nyanbinary 6d ago

@rossmadness @cR0w but but but... their business relies on being trustworthy! They need to, otherwise the industry suffers! And no one would ever act against their industries interest! All the cybertalkingheads told me!!!

blobcatupsidedown

RossMadness 5d ago

@nyanbinary @cR0w I was discussing the Instructure hack with a friend who works for a school district and he stated that almost exactly. I told him that yes, that makes sense if we believe they care about "organization reputation" in the same economic incentive driven context as a regular business. Which I highly doubt. But let's assume they do follow this logic.

What keeps them from selling a copy quietly to another criminal and then THAT criminal actions the data somewhere else without directly saying "Instructure". TAs double dip and keep their "reputation" intact.

fuzzyfuzzyfungus 5d ago

@rossmadness @cR0w It turns out that seeing a way to pretend to solve your problem by spending other people's money and letting other people bear the ongoing risk just gives you a warm feeling of childish trust.

Plus, when you are lawful evil seeing chaotic evil probably just reminds you of your carefree younger days; when you would have been frolicking on the intertubes not being a saashole who has to do earnings calls.

@cR0w So... Instructure will be on the hook if it does happen? I'm not sure how exactly this works on the legal side.

@phil IDK how it works either but I highly doubt they will be held responsible.

@cR0w Sad. There is a definite deficit of accountability.

@phil Isn't that the whole point of becoming a publicly traded company in America? It sure seems that way.

@cR0w The amount of comfort this provides me is *immeasurable.

* It's zero. The number is zero.

@cR0w Gotta feel the seal on the certificate of deletion. If you can't detect the embossed edge around it, the seal is a forgery. That means the adversary did not pinky swear before the registrar of deleted hacks. Which only costs, like, $18. If they didn't spring for that, they definitely must be lying.