Canvas education app hack affects 30M users across the world

Canvas, the cloud-based education hub used by more than 30 million active users across 8,000 institutions worldwide, temporarily took all its sites offline Thursday following a massive cyberattack on its parent company, Instructure.

Most users regained access to Canvas later that day, but the targeted cyberattack sent students, professors, and teachers scrambling to share coursework through other mediums on Thursday.

The attack came just in time for final exams, forcing several universities to postpone them.

Hacker group ShinyHunters claimed responsibility for the breach and posted a ransom note stating it had acquired the data of 275 million individuals and had access to “several billions of private messages.”

The group gave Instructure a May 6 deadline to reach out.

ShinyHunters also gave affected institutions until May 12, “to negotiate a settlement.” The ransomware group has previously targeted companies with large datasets, like Microsoft, Ticketmaster, and Salesforce.

Instructure said on Friday that it was “fully back online and available for use.”

What’s next
Instructure is currently working with the FBI to determine the full scope of the breach and ensure the security of its vast digital infrastructure.

The FBI has advised affected people not to engage with messages claiming to have their data.