Canvas Hackers Target Dozens More Colleges

ShinyHunters may have accessed the Oracle PeopleSoft software suite at more than 100 organizations.

Photo illustration by Justin Morrison/Inside Higher Ed | SuperCubePL/iStock/Getty Images

ShinyHunters, the cybercrime group behind last month’s Canvas hack, may have gained access to human resources and financial management software at dozens of colleges, Higher Ed Dive reported Monday.

ShinyHunters may have accessed the Oracle PeopleSoft software suite at more than 100 organizations between May 27 and June 9, according to a blog post from Google Threat Intelligence Group and the cybersecurity firm Mandiant. About 68 percent of those organizations are colleges or universities, and most are based in the U.S. Oracle sent out a security alert on June 10 but did not say whether any of its users had been breached.

“While several organizations successfully blocked the activity or remediated the vulnerabilities, others experienced compromise, resulting in stolen data being published on the ShinyHunters DLS,” the blog post stated.