Skepticism Surrounds Claims of Data Deletion in Canvas/Instructure Breach
Security professionals remain skeptical of claims that the ShinyHunters extortion group has deleted data stolen from the Canvas learning management system.
Instructure, the company behind the Canvas learning management system, has announced that it reached an agreement with the data extortion group ShinyHunters to delete stolen data. The breach, which the attackers claimed involved 275 million records, prompted significant concern among the nearly 9,000 affected universities and K-12 schools [The Register].
Instructure stated that it received "shred logs" as digital confirmation that the stolen data, including private chats and email addresses, had been destroyed. The company assured its customers that they would not be extorted as a result of the incident, either publicly or privately.
Despite these assurances, there is widespread skepticism among security professionals regarding the reliability of the attackers' claims. Many observers doubt that the criminals actually deleted the data, questioning the validity of the "shred logs" and the trustworthiness of the extortionists [The Register].