On Tuesday, education technology giant Instructure disclosed a data breach where hackers stole students’ private information, including their names, personal email addresses and messages sent between teachers and students.
Now, it appears that hackers were able to breach Instructure again — this time by defacing several schools’ login pages on the company’s Canvas platform, which allows schools to manage courses and assignments and communicate with students.
TechCrunch saw a message posted by cybercrime group ShinyHunters on the Canvas login pages of three separate schools. A review of the defaced portals shows that the hackers inserted an HTML file that changed the login screens to display their message.
The message says the hackers will release the stolen data on May 12 if the company doesn’t “negotiate a settlement.”
At the time of writing, Instructure’s website appeared to be partially online, sometimes displaying a “too many requests” error. The company’s Canvas portal displayed a notice saying it was “currently undergoing scheduled maintenance.”
Instructure did not immediately respond to TechCrunch’s request for comment.
ShinyHunters previously claimed responsibility for the original hack, publicizing it on the leak site — a site hackers use to post stolen data and pressure victims to pay a ransom — in an attempt to blackmail Instructure into paying to keep the data from being released. This seemingly new hack, along with the fact that the hackers chose to alert TechCrunch about the defaced login pages, indicate that the hackers are trying to increase the pressure on Instructure and its customers, hoping to force them to give in to the hackers’ demands.
It is not clear how the hackers were able to compromise the login pages. When asked, a member of ShinyHunters told TechCrunch they couldn’t comment on specifics, but said it was a second, separate breach.
After the initial breach at Instructure, hackers claimed to have stolen data from nearly 9,000 schools worldwide, with the stolen files containing information on 231 million people.
The group has endangered countless victims over the past two years by following the same financially motivated playbook: hack, leak, and blackmail.
When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.
