(NEXSTAR) — Students and staff of schools across the U.S. are reeling after learning that a well-known hacking group breached private information in the database of Instructure, which powers education technology systems like Canvas.
The breach poses security risk to dozens of colleges and universities, as ShinyHunters, the gang taking credit for the incident, has reportedly sent extortionary messages to Canvas users. Canvas is used by schools nationwide for assignments and grade tracking.
TechCrunch reported on the news on Tuesday, after a member of the group shared a sample of the data they’d allegedly accessed.
(WFRV)
A message sent to users, including a member of Nexstar’s WFRV in Green Bay, reads: “ShinyHunters: rooting your systems since ’19 😉 ShinyHunters have breach Instructure (again). Instead of contacting us to resolve it they ignored us and did some “security patches.” WARNING: If any of the schools affected in the list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement.”
Why was Charley Crockett's surprise album 'Clovis' removed from Spotify, Apple Music?
The warning message also gives Instructure a deadline to contact ShinyHunters, which the gang also specified was the end of May 12.
TechCrunch also reported that its review of the portals shows the hackers “injected an HTML file that altered the login screens to display their message.”
Infrastructure, meanwhile, claims it quickly contained and remediated the issue shortly after becoming aware of it. Canvas remains operational.
It’s not currently known just how many people are potentially affected, though some estimate up to 9,000 colleges and universities may be.
According to Nexstar’s WJZY, officials in the Charlotte-Mecklenburg school district were alerted over the weekend about the security breach.
‘Blue dot fever’: Why concert tours keep getting canceled
Infrastructure said information, including “names, email addresses, student ID numbers … [and] messages among users,” was impacted. There was no evidence found that “passwords, dates of birth, government identifiers, or financial information were involved.”
In a statement on Wednesday, the district said, “There is no evidence of ongoing unauthorized access.”
On Thursday, some users were reportedly experiencing difficulties accessing Canvas.
“Canvas is experiencing a global outage that affects Indiana University and other educational institutions. More updates and instructions will be shared as they are available,” the Bloomington college confirmed to Nexstar’s WXIN.
Infrastructure acknowledged an issue with Student ePortfolios on its status page, but other aspects of Canvas remained operational as of Thursday evening.
Nexstar’s Adam Rosen and Ellie Davis contributed to this report.
