Instructure, owner of the Canvas learning management platform, says it has reached an agreement with the ShinyHunters hacking group to recover stolen student data following a breach last week.
The ShinyHunters group claimed responsibility for breaching Canvas systems and threatened to publish 3.5 terabytes of student data unless ransom demands were met. Instructure confirmed the stolen data has been returned as part of the agreement.
The attack forced Canvas offline briefly before the company restored service. ShinyHunters, a known cybercriminal group, had publicly threatened to leak the data online if their "settlement" demands were not satisfied.
Details about the financial terms of the agreement remain undisclosed. Instructure has not specified what information was accessed during the breach or how many students were affected.
Canvas serves millions of students and educators across K-12 schools and higher education institutions globally. The platform hosts course materials, assignments, grades, and other sensitive academic information.
This incident adds to a growing list of education sector breaches targeting learning management systems. Schools and universities increasingly face sophisticated cyberattacks aimed at obtaining personal and financial data of students and staff.
Instructure has not released a full security report detailing how the breach occurred or what preventive measures will be implemented. The company typically provides incident reports to affected institutions and users, though timelines vary.
The agreement with ShinyHunters does not guarantee the data will not be sold or leaked through other channels. Cybersecurity experts note that such agreements with criminal groups offer limited assurance, as stolen data can be copied and distributed despite promises of deletion.
A new browser fingerprinting vector has emerged in Chromium 148, where the Math.tanh function produces different results across operating systems. This discrepancy can be exploited to identify a user's underlying OS without explicit permission.
Kaseya is hosting a webinar on strengthening MSP resilience through SaaS backups and business continuity strategies. The session focuses on how recovery capabilities prove critical when security defenses are breached.
A new variant of RedHook Android malware abuses Wireless ADB (Android Wireless Debugging) to gain shell-level privileges without requiring a computer connection. This represents a significant escalation in the malware's capabilities.
Fraudsters are creating convincing counterfeit news articles impersonating major publishers like the Guardian to direct social media users to bogus investment sites. The fake stories feature fabricated celebrity endorsements and financial narratives designed to establish credibility.