Education technology giant Instructure has confirmed a data breach affecting students’ personal information. Hacking and extortion organization ShinyHunters claimed responsibility for the breach.
The hackers claim to have stolen students’ names, personal email addresses, and messages sent and received between teachers and students, the same type of data that Instructure acknowledged was stolen.
Instructor is the latest mega-company to be hacked by the ShinyHunters gang. Cybercriminals have targeted universities and cloud database companies in recent months, stealing vast amounts of personal information and threatening to release the data online unless the companies pay ransoms to the hackers.
Members of ShinyHunters shared a sample of stolen data with TechCrunch, including data from two US schools, one in Massachusetts and one in Tennessee. In Massachusetts, the data included messages that included names, email addresses, and some phone numbers. For schools in Tennessee, the sample included student names and email addresses.
It said the samples do not contain passwords or other types of data, and its infrastructure is not affected by the breach.
TechCrunch is not naming the school because the victim has not been identified. According to information posted on their websites, both schools appear to be using Instructural’s platform Canvas. Canvas allows customers to manage coursework and assignments and communicate with students.
ShinyHunters also shared a list of approximately 8,800 schools allegedly affected by this breach. TechCrunch was unable to confirm whether all institutions listed were affected or whether they are Instructural’s customers. Instructure says on its official website that it has more than 8,000 institutions as customers.
When contacted by TechCrunch, Instructor spokesperson Kate Holmes declined to answer several questions about the incident, instead pointing the company to the company’s official page for the latest information on the breach.
On the data breach site where ShinyHunters claims responsibility for the data breach and attempts to pressure victims into paying ransom, the hackers claim the breach affected the data of nearly 9,000 schools and 275 million people, including students, teachers and other staff, around the world. Members of ShinyHunters told TechCrunch in an online chat that the stolen data included a total of 231 million unique emails.
Financially motivated hacker groups are known to exaggerate their claims in order to gain attention from victims as well as the media.
As of Tuesday, Instructor announced that some of its products, such as Canvas, had been restored for customers after maintenance.
If you buy through links in our articles, we may earn a small commission. This does not affect editorial independence.
Source link
