Mastodawn

BrianKrebs May 8

New, from me: Canvas Breach Disrupts Schools and Colleges Nationwide

"An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions."

"Canvas parent firm Instructure responded to today's defacement attacks by disabling the platform, which is used by thousands of schools, universities and businesses to manage coursework and assignments, and to communicate with students."

Lots more here:

https://krebsonsecurity.com/2026/05/canvas-breach-disrupts-schools-colleges-nationwide/

#canvas #breach #shinyhunters #instructure

Instructure says it paid a ransom. SMH

"STATUS UPDATE 5/11/26

We know that concerns about the potential publication of data related to this incident remain top of mind for many customers. We understand how unsettling situations like this can be, and protecting our community remains our top priority."

"With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident. As part of that agreement:"

"The data was returned to us.
We received digital confirmation of data destruction (shred logs).
We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise."

'This agreement covers all impacted Instructure customers, and there is no need for individual customers to attempt to engage with the unauthorized actor.
While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible. We continue to work with expert vendors to support our forensic analysis, further harden our environment, and conduct a comprehensive review of the data involved. We will continue to provide updates as that work progresses."

https://www.instructure.com/incident_update

Security Incident Update & FAQs

Instructure

Mike Sheward May 12

@briankrebs “the criminals have informed us they will do no other crimes, and who are we to believe otherwise”

@SecureOwl
Scout's honor
@briankrebs

Dan Schnau May 12

@SecureOwl @briankrebs what a joke

Mike Sheward May 12

@danschnau @briankrebs maybe its just the final lesson of the semester, no matter how hard you work, someone will come a long at the last second, steal it, and get paid more than you can ever imagine

setting them students up for the AI economy

Dan Schnau May 12

@SecureOwl @briankrebs it definitely doesn’t do much to combat the belief that “crime doesn’t pay” when literally it does

Joe ❌👑May 12

@briankrebs Wow, if there's a "shred log", we are really sure that they deleted all the data and don't retain any copies to blackmail us again with.

@not2b @briankrebs Logs can't be doctored, it's literally impossible.

(big, fat, /s)

John Breen May 12

@briankrebs Wait, "shred logs" are a thing ?

...They promised they destroyed the negatives...

Also, "there is no need for individual customers to attempt to engage with the unauthorized actor" sounds a little like "pay no attention to the man behind the curtain".

They don't have your data, so go ahead and engage them, right ?

Cliff'sEsportCorner May 12

@briankrebs "received digital confirmation of data destruction" umm https://www.youtube.com/watch?v=dTRKCXC0JFg

Princess Bride, "You keep using that word. I do not think it means what you think it means."

YouTube

@briankrebs it's real weird to pay the ransom for positive PR

Isaac Lyman May 12

@briankrebs I like to think “shred logs” is an interjection by their hype man. It’s not a PR statement, it’s rap lyrics

Doug Levin May 12

@briankrebs FWIW, exact same thing went down with PowerSchool, another big education company. ShinyHunters had publicy pantsed Instructure here and without drastically acting they would be out of business in a matter of weeks. Still going to be a rough road for them going forward. In an effort to preserve their own hide, they pushed the risk to the rest of us and basically just funded the next Salesforce-type campaign.

tehfishman May 12

@briankrebs these people are so credulous that they would lose a game of peek-a-boo

adison verlice May 12

@briankrebs asn't that the company that hosted canvus?

@briankrebs damn they really just made every other company in education a target

@briankrebs what does this even mean:

"The data was returned to us. We received digital confirmation of data destruction (shred logs).”

…other than *absolutely nothing*?

Alun Jones May 12

@europlus @briankrebs what it realistically means is "we have to do this when paying the ransom, otherwise, when Shiny Hunters inevitably later release the data, we will be sued for not having done this".
Paying the ransom makes zero sense, unless the data is destroyed in some existential sense to Instructure.

BrianKrebs May 12

@europlus Oh crap. That reminds me: I have to go shred some logs.

@briankrebs that almost sounds NSFW…