Education tech giant Instructure has confirmed data breach affecting students’ personal information. Hacking and extortion gang ShinyHunters claimed responsibility for the breach.
The hackers claim to have stolen students’ names, personal email addresses and messages sent between teachers and students – the same type of data he admitted was stolen.
Instructure is the latest corporate giant to be hacked by the ShinyHunters gang. Cybercriminals have targeted universities and cloud database companies in recent months in attempts to steal vast amounts of people’s personal information and threaten to publish the data online if the companies don’t pay the hackers’ ransom.
A ShinyHunters member shared a sample of the stolen data with TechCrunch, which included data from two schools in the United States, one in Massachusetts and one in Tennessee. In the case of Massachusetts, the data included messages, which contain names, email addresses and some phone numbers. For the school in Tennessee, the sample included students’ full names and email addresses.
The sample did not contain passwords or other types of data that Instructure said were not affected by the breach.
TechCrunch is not naming the schools as they are not confirmed victims. Based on information displayed on their websites, both schools appear to use Instructure’s Canvas platform, which allows customers to manage courses and assignments and communicate with students.
ShinyHunters also shared a list of around 8,800 schools reportedly affected by the breach. TechCrunch could not confirm whether all the institutions listed were affected, nor if they are Instructure customers. On its official website, Instructure he says has more than 8,000 institutions as clients.
When reached by TechCrunch, Instructure spokeswoman Kate Holmes did not answer many questions about the incident, instead referring to the company’s information official page where it posts updates about the breach.
On the data breach website, where ShinyHunters claims data breaches and attempts to pressure victims to pay ransoms, the hackers claim the breach affected nearly 9,000 schools worldwide and the data of 275 million people, including students, teachers and other staff. In an online chat, the ShinyHunters member told TechCrunch that the total unique emails included in the stolen data totaled 231 million.
Financially motivated hacker groups are known to exaggerate their claims to garner the attention of the media, as well as their victims.
From Tuesday, Instructure he said some of its products, such as Canvas, were restored for customers after maintenance.
When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.
