Hackers Deface School Login Pages After Claiming Another Instructure Data Breach

On Tuesday, the education tech giant Instructure disclosed a data breach where hackers stole students' private information, including names, personal email addresses, and messages between teachers and students. This news is shocking as it comes on the heels of another incident that saw hackers deface several schools’ login pages to Instructure’s platform Canvas.

TechCrunch has discovered a message published by the cybercrime group ShinyHunters on the Canvas login pages of three separate schools. The altered login screens now display a threatening message, stating that if Instructure does not negotiate a settlement, the stolen data will be published on May 12.

At the time of writing, Instructure’s website was experiencing issues with partial online functionality and a “too many requests” error. The company's Canvas portal displayed a notice indicating it was undergoing scheduled maintenance, but no official response to TechCrunch’s request for comment has been received yet.

The group ShinyHunters had previously claimed responsibility for the initial hack, publicizing it on its leak site in an attempt to extort Instructure. This new hack and the hackers' choice to notify TechCrunch about the defaced login pages suggest they are intensifying their pressure on both Instructure and its customers.

It remains unclear how the hackers were able to compromise the login pages, but a member of ShinyHunters told TechCrunch that it is a separate breach from the initial incident. Following the original breach at Instructure, the hackers claimed to have stolen data from almost 9,000 schools worldwide, with the information on an alleged 231 million people.

The cybercriminals' playbook involves hacking, publicizing, and extorting their victims. With this latest development, it's clear that Instructure and its customers are facing a significant challenge as they navigate these ongoing threats to student privacy and security.