Schools disrupted across the country due to canvas violations: 6 steps to be taken now

Follow ZDNET: Add us as a favorite source On Google.

ZDNET Highlights

• Canvas was disrupted by a cyberattack this week.
• Many students are unable to access popular educational portals.
• Instructor says data was stolen; What should Canvas users do next?

Canvas is at the center of an ongoing cyberattack and data extortion attempt by a well-known cybercriminal group, which claims to have stolen student records. If you’re a Canvas user, you can take defensive measures now.

Also: No one pays ransomware demands anymore – so attackers have a new target

What is canvas?

Canvas Instruction is a learning management system (LMS) from Instruction, a Salt Lake City-based educational technology company 2008.

Designed for remote learning, Canvas has been adopted by thousands of schools for course creation and management, grading, feedback, and coursework submission. Instructor says the LMS now supports millions of users – students and parents – and has recorded 27 million mobile app downloads. Canvas is available in over 100 countries.

What happened?

While Canvas claims 100% uptime notice on its website, instructables CISO Steve Proud Said Last week the LMS “recently experienced a cybersecurity incident perpetrated by a criminal threat actor.”

The company started investigation. On May 6, Proud said the company believed the incident had been “contained” but that some data may have been exposed – and it didn’t take long for students to begin reporting login problems.

Plus: The shady SIM farm behind those persistent scam messages — and how to stay safe

On Thursday, May 7, the Canvas login interface was defaced, with ransom notes allegedly posted by the ShinyHunters group as it moved from data theft to public extortion. Students who attempted to log in were unable to access their course materials, possibly a deliberate attempt by cyber attackers to pressure the instructor into paying with finals looming.

In response, Canvas displayed a maintenance mode page, an action that was drawn Criticism.

hackers’ ransom notewhich has since circulated online, demanding that Instruct contact the group by May 12.

“ShinyHunters has (again) violated the directive,” the note reads. “Instead of contacting us to resolve it, they ignored us and did some ‘security patch’.”

While access has reportedly been restored most usersWith the deadline approaching, this may not be the end of the story.

What is ShinyHunters?

ShinyHunters are a group of cyber criminals who extort money from companies. Since ShinyHunter came into limelight in 2020 over multiple violations of the company working style The goal is to quietly infiltrate a business, steal information, and then publicly pressure the victim to “compromise.”

Also: Best Free VPNs: Expert Tests and Reviews

often associated with large-scale violations, shiny hunterLike many other cybercriminal groups, operates a “leak site”. Leak sites are public-facing websites that list alleged victims and stolen items, and often include a demand for payment.

If a victim fails to comply, the information stolen from them may be published. Removing the victim’s name from the leak site could also be part of the negotiations.

What information was stolen?

ShinyHunters almost threatens to leak data 275 million If its demands are not met then students of 8,800 educational institutions.

Also: I’m a tech professional, and an AI job scam almost fooled me — here’s how I got caught

According to the Instruction, the exposed data may include:

• Name
• email addresses
• student id number
• messaging between users

“At this time, we have found no evidence that passwords, dates of birth, government identifiers or financial information were involved,” the instructor said. “If this changes, we will notify any affected institutions.”

instructor’s response

It is not known whether Instruct has communicated with the ShinyHunters. The instructor said he is currently “not seeing any unauthorized activity.”

Too: This critical Linux vulnerability is putting millions of systems at risk – how to protect yourself

The company has revoked privileged credentials and access tokens associated with the affected systems, deployed security patches – though no related vulnerabilities have been disclosed yet – and rotated security keys. Instructor said it has also increased monitoring across all its platforms.

“As a precaution, we recommend customers follow security best practices, including enforcing MFA on privileged accounts, reviewing administrator access, and rotating API tokens or keys where applicable,” the company said.

6 steps to take immediately

1. School Update: As this security incident appears to affect thousands of schools and educational institutions, contact your institution or visit its website and communication channels for updates.
2. passwords: Whenever you suspect that you are involved in a data breach, the first thing you should do is change the password you use to access your account. If you’re using the same password to access other online services, change those passwords as well. If the ransomware group releases the stolen data and manages to capture the credentials, those credentials could be made public. You should consider using a password manager to create complex passwords and receive leak alerts.
3. Have I been taken hostage?: It is too early to record this data breach and any subsequent data leaks Have I been taken hostage?But we recommend visiting this website frequently to check if you have been involved in any online data breach. It’s free, and all you need to do is search for your email address.
4. Enable 2FA/MFA: If you haven’t already done so, enable two-factor or multi-factor authentication on your affiliate accounts.
5. Keep an eye on your email: If Canvas follows proper procedures, it should notify users if their information has been exposed – keep an eye out for any updates.
6. Beware of phishing: However, if stolen email addresses or contact details are leaked online, they could be used in targeted phishing campaigns, so be careful if you receive correspondence that appears to be from your school or Canvas. If there are any signs of a phishing attempt – such as strange grammar, fake email addresses, or requests to click on unofficial links or open attachments – first verify it by phone or some other means.

Too: These 5 important Windows Defender settings are turned off by default – turn them on ASAP

ZDNET has contacted Instructables and will update if we hear back.