ShinyHunters Escalates Attacks on Canvas Educational Platform
ShinyHunters has intensified its attack on the Canvas educational platform, causing global service outages and widespread exam disruptions while exposing millions of user records.
The ShinyHunters threat group has escalated its campaign against Instructure, the developer of the Canvas educational SaaS platform, following a major data breach [Malwarebytes Labs]. The incident has caused widespread service disruptions, forcing numerous schools and universities to reschedule final exams as the platform remains unstable [The Register, SecurityWeek].
The breach reportedly involved the theft of hundreds of millions of records, including student and staff information, enrollment details, and private communications, which the attackers allegedly accessed through Canvas export features and APIs [Malwarebytes Labs]. In addition to the data theft, the attackers have engaged in defacing school login pages, further complicating the recovery process for affected educational institutions [Malwarebytes Labs].
Instructure has confirmed the incident and is working with external forensics experts to investigate the scope of the compromise [The Register]. The company is currently managing the fallout while students and faculty face significant academic disruptions. Users are advised to remain vigilant against targeted phishing attempts and identity fraud resulting from the exposed data [Malwarebytes Labs].