Educational technology giant Instructure has confirmed a data breach affecting students’ private information. The gang of hackers and extortionists brighthunters responsibility for non-compliance was claimed.
The hackers claim to have stolen students’ names, their personal email addresses, and messages sent between teachers and students; the same type of data that Instructure admitted was stolen.
Instructure is the latest corporate giant hacked by the ShinyHunters gang. Cybercriminals have specific universities and cloud database companies in recent months, in an effort to steal large amounts of people’s personal information and threaten to publish the data online if companies do not pay the hackers’ ransom.
A member of ShinyHunters shared a sample of the stolen data with TechCrunch, which included data from two schools in the United States, one in Massachusetts and another in Tennessee. In the case of the Massachusetts one, the data included messages containing names, email addresses and some phone numbers. As for the Tennessee school, the sample included students’ full names and email addresses.
The sample did not contain passwords or other types of data, which Instructure said were not affected by the breach.
TechCrunch is not naming the schools because they are not confirmed victims. Based on information on their websites, both schools appear to use Instructure’s Canvas platform, which allows customers to manage coursework, assignments, and communicate with students.
ShinyHunters also shared a list of around 8,800 schools allegedly affected by the breach. TechCrunch could not confirm if all of the institutions listed were affected or if they are Instructure clients. On its official site, Instructure says It has more than 8,000 institutions as clients.
When contacted by TechCrunch, Instructure spokesperson Kate Holmes did not answer several questions about the incident and instead referred to the company. official page where you post updates about the breach.
On their data breach site, where ShinyHunters claims responsibility for data breaches and attempts to pressure victims to pay a ransom, hackers claim that the breach affected nearly 9,000 schools worldwide and the data of 275 million people, including students, teachers and other staff. In an online chat, the ShinyHunters member told TechCrunch that the total unique emails included in the stolen data amount to 231 million.
Financially motivated hacking groups are known to exaggerate their claims to attract the attention of the media as well as their victims.
Starting Tuesday, Instructure saying Some of its products, such as Canvas, were refurbished for customers after undergoing maintenance.
When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.
