Canvas maker Instructure reveals data breach — confirms user personal information leaked

20 hours ago 2

A hand holding a credit card in front of a laptop screen with Matrix-style data on it

Instructure confirms cyberattack exposing names, emails, IDs, and user communications
ShinyHunters claims responsibility, alleging data theft from millions across thousands of schools
The incident highlights risks in third‑party integrations, with experts urging stronger access governance

Instructure, the edtech giant behind the popular Canvas learning system, has confirmed suffering a cyberattack and losing sensitive customer data.

The company issued a brief statement, confirming the hit, “While our investigation continues alongside our outside forensics experts, at this stage we believe the incident has been contained,” the notice reads.

Instructure said the crooks accessed “certain identifying information of users” at affected institutions, including names, email addresses, student ID numbers, and user communications.

Article continues below

ShinyHunters strike again

Passwords, dates of birth, government identifiers, or financial information, were not involved.

Still, having names, emails, and communications, is more than enough information to mount highly convincing phishing attacks and identity theft, which could lead to more destructive scams.

Instructure also said it revoked privileged credentials and access tokens associated with affected systems, deployed patches, rotated keys, and implemented increased monitoring across all platforms.

The company did not say how many people were affected by the breach, or who the threat actors were. However, BleepingComputer found the infamous ShinyHunters claimed responsibility by listing the company on its dark web site.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

"Nearly 9,000 schools worldwide affected. 275 million individuals data ranging from students, teachers, and other staff containing PII," the crooks wrote.

"Several billions of private messages among students and teachers and students and other students involved, containing personal conversations and other PII. Your Salesforce instance was also breached and a lot more other data is involved."

Apparently, the threat actors managed to access Instructure through a vulnerability in their systems, which the company has subsequently patched. They seem to have stolen files from 15,000 institutions in different places around the world, including Europe, North America, and Asia-Pacific.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article