Hackers steal students' data during breach at education tech giant Instructure

Education tech giant Instructure has confirmed a data breach affecting students’ private information. The hacking and extortion gang ShinyHunters claimed responsibility for the breach.

The hackers claim to have stolen students’ names, their personal email addresses, and messages sent between teachers and students — the same type of data Instructure admitted was stolen.

Instructure is the latest corporate giant hacked by the ShinyHunters gang. The cybercriminals have targeted universities and cloud database companies in recent months, in efforts to steal vast amounts of people’s personal information and threaten to post the data online if the companies do not pay the hackers’ ransom.

A member of ShinyHunters shared a sample of the stolen data with TechCrunch, which included data from two schools in the United States, one in Massachusetts and one in Tennessee. In the case of the one in Massachusetts, the data included messages, which contain names, email addresses, and some phone numbers. As for the school in Tennessee, the sample included students’ full names and email addresses.

The sample did not contain passwords or the other types of data that Instructure said was unaffected by the breach.

Hackers steal students' data during breach at education tech giant Instructure | TechCrunch

Other newsrooms on this story

Related reading

Instructure strikes deal with hackers who breached it twice | TechCrunch

Other newsrooms on this story

Related reading

Instructure strikes deal with hackers who breached it twice | TechCrunch

Canvas owner secures student data in deal with hacking group

Instructure reaches 'agreement' with ShinyHunters to stop data leak

ShinyHunters escalates Canvas attacks with school login defacements

Stolen Canvas data was “returned” after hacker agreement, Instructure says

Instructure strikes deal with ShinyHunters before ransom deadline