Instructure, the company behind the Canvas learning management system, has confirmed a data breach in which personal information of users was stolen. The ShinyHunters extortion gang has claimed responsibility, alleging that nearly 9,000 schools worldwide were affected and that data on approximately 275 million individuals — including students, teachers, and staff — was compromised. Stolen data reportedly includes names, email addresses, student IDs, and private messages. Instructure states no passwords, financial data, or government identifiers were involved so far. The company has patched the exploited vulnerability, increased monitoring, and rotated API keys. ShinyHunters also claims Instructure's Salesforce instance was breached.
Table of contents
Related Articles:Sort: