Instructure strikes deal with ShinyHunters before ransom deadline

Crisis averted?Edtech giant Instructure, maker of the popular learning management system (LMS) Canvas, announced that it made a deal with the hacking collective known as ShinyHunters to safeguard the user data the group stole during the recent Instructure data breach.According to Instructure CEO Steve Daly, ShinyHunters has agreed not to release the stolen data taken in the breach and will not extort any of Canvas's users.

You May Also Like

Instructure had its systems breached not once but twice by the hacking collective known as ShinyHunters over the past two weeks. On April 30, the cybercriminals said they were able to extract data belonging to 275 million Canvas users at nearly 9,000 schools worldwide. The affected users included students, teachers, and staff, and the data included usernames, email addresses, student IDs, and private messages exchanged on the platform. Some of Instructure's impacted users are underage students.Then, in a second incident last week, ShinyHunters defaced the Canvas login pages for numerous schools due to a weakness in the platform's Free-For-Teacher accounts. The data breaches resulted in Canvas being taken offline multiple times. What's worse, these incidents happened to coincide with finals week for many schools, and the platform downtime resulted in some educational institutions having to reschedule tests and coursework. ShinyHunters had threatened to release the stolen data if Instructure did not "negotiate a settlement" and pay a ransom by May 12.