Instructure confirms data breach, ShinyHunters claims responsibility

According to Bleeping Computer, educational technology company Instructure has confirmed a cybersecurity incident that resulted in the theft of user data, with the ShinyHunters extortion gang claiming responsibility for the attack.

Instructure, known for its Canvas learning management system, disclosed the breach on Friday and stated that personal information of users was exposed. The company's investigation indicates that names, email addresses, student ID numbers, and messages among users were compromised. Instructure has stated there is no evidence that passwords, dates of birth, government identifiers, or financial information were accessed. In response, Instructure has implemented patches, enhanced monitoring, and rotated application keys.

The ShinyHunters gang has listed Instructure on its data leak site, claiming to have stolen data affecting nearly 9,000 schools and 275 million individuals, including private messages and data from a Salesforce instance. The alleged attackers say the vulnerability has been patched. The stolen data reportedly includes names, email addresses, enrolled courses, and private messages, spanning approximately 15,000 institutions globally.

Source: Bleeping Computer