Instructure officially disclosed the security incident after the ShinyHunters extortion group listed the company on their data leak site. The company confirmed that unauthorized access led to the exposure of personal details, including names, email addresses, student identification numbers, and private communications between users. Although the investigation is still in its early stages, the company maintains that highly sensitive information such as financial records, government IDs, and passwords remained secure during the intrusion.

In response to the discovery, the technology provider implemented immediate security measures to contain the threat and prevent further unauthorized access. These actions included deploying software patches, increasing system monitoring, and rotating application keys to secure their infrastructure. Consequently, institutional customers using the platform have been required to re-authorize their API access so that new, secure keys can be issued for their specific environments.

The ShinyHunters group, which operates on an extortion-as-a-service model, has made bold claims regarding the scope of the data theft that far exceed the company's initial reports. The hackers assert they have obtained over 240 million records from approximately 15,000 educational institutions spanning North America, Europe, and Asia. This group has a history of targeting major corporate entities through Salesforce vulnerabilities, having previously claimed responsibility for significant breaches at other global organizations.

This latest incident follows a pattern of high-profile attacks by ShinyHunters, who recently targeted other major firms and claimed to have accessed over a billion records in previous campaigns. Their strategy typically involves listing victims on a public leak site to pressure them into paying a ransom. The group’s focus on educational technology highlights a growing trend of cybercriminals targeting platforms that host massive amounts of personal data belonging to students and faculty.

The full extent of the breach remains unverified by independent security researchers, as Instructure has not yet provided specific details regarding the timeline of the attack or the veracity of the ransom demands. Currently, the company is working alongside third-party cybersecurity firms and law enforcement agencies to conduct a forensic analysis of the event. As the investigation continues, schools and universities using Canvas are being urged to remain vigilant and follow the updated security protocols issued by the provider.

Source: https://www.techzine.eu/news/security/140994/shinyhunters-claims-instructure-breach-data-from-275m-users-stolen/