\n<\/p>\n
<\/div> Follow ZDNET: <\/em>Add us as a favorite source<\/a> On Google.<\/em><\/p>\n Canvas is at the center of an ongoing cyberattack and data extortion attempt by a well-known cybercriminal group, which claims to have stolen student records. If you’re a Canvas user, you can take defensive measures now.<\/p>\n Also: No one pays ransomware demands anymore \u2013 so attackers have a new target<\/strong><\/p>\n Canvas Instruction is a learning management system (LMS) from Instruction, a Salt Lake City-based educational technology company 2008<\/a>.<\/p>\n Designed for remote learning, Canvas has been adopted by thousands of schools for course creation and management, grading, feedback, and coursework submission. Instructor says the LMS now supports millions of users \u2013 students and parents \u2013 and has recorded 27 million mobile app downloads. Canvas is available in over 100 countries. <\/p>\n While Canvas claims 100%<\/a> uptime notice on its website, instructables CISO Steve Proud Said<\/a> Last week the LMS “recently experienced a cybersecurity incident perpetrated by a criminal threat actor.”<\/p>\n The company started investigation. On May 6, Proud said the company believed the incident had been “contained” but that some data may have been exposed \u2013 and it didn’t take long for students to begin reporting login problems.<\/p>\n Plus: The shady SIM farm behind those persistent scam messages \u2014 and how to stay safe<\/strong><\/p>\n On Thursday, May 7, the Canvas login interface was defaced, with ransom notes allegedly posted by the ShinyHunters group as it moved from data theft to public extortion. Students who attempted to log in were unable to access their course materials, possibly a deliberate attempt by cyber attackers to pressure the instructor into paying with finals looming. <\/p>\n In response, Canvas displayed a maintenance mode page, an action that was drawn Criticism<\/a>. <\/p>\n hackers’ ransom note<\/a>which has since circulated online, demanding that Instruct contact the group by May 12. <\/p>\n “ShinyHunters has (again) violated the directive,” the note reads. “Instead of contacting us to resolve it, they ignored us and did some ‘security patch’.”<\/p>\n While access has reportedly been restored most users<\/a>With the deadline approaching, this may not be the end of the story.<\/p>\n ShinyHunters are a group of cyber criminals who extort money from companies. Since ShinyHunter came into limelight in 2020 over multiple violations of the company working style <\/em>The goal is to quietly infiltrate a business, steal information, and then publicly pressure the victim to “compromise.”<\/p>\n Also: Best Free VPNs: Expert Tests and Reviews<\/strong><\/p>\n often associated with large-scale violations, shiny hunter<\/a>Like many other cybercriminal groups, operates a “leak site”. Leak sites are public-facing websites that list alleged victims and stolen items, and often include a demand for payment. <\/p>\n If a victim fails to comply, the information stolen from them may be published. Removing the victim’s name from the leak site could also be part of the negotiations. <\/p>\n ShinyHunters almost threatens to leak data 275 million<\/a> If its demands are not met then students of 8,800 educational institutions. <\/p>\n Also: I’m a tech professional, and an AI job scam almost fooled me \u2014 here’s how I got caught<\/strong><\/p>\n According to the Instruction, the exposed data may include:<\/p>\n “At this time, we have found no evidence that passwords, dates of birth, government identifiers or financial information were involved,” the instructor said. \u201cIf this changes, we will notify any affected institutions.\u201d<\/p>\n It is not known whether Instruct has communicated with the ShinyHunters. The instructor said he is currently “not seeing any unauthorized activity.”<\/p>\n Too: <\/strong>This critical Linux vulnerability is putting millions of systems at risk – how to protect yourself<\/strong><\/p>\n The company has revoked privileged credentials and access tokens associated with the affected systems, deployed security patches \u2013 though no related vulnerabilities have been disclosed yet \u2013 and rotated security keys. Instructor said it has also increased monitoring across all its platforms. <\/p>\n “As a precaution, we recommend customers follow security best practices, including enforcing MFA on privileged accounts, reviewing administrator access, and rotating API tokens or keys where applicable,” the company said. <\/p>\n Too: <\/strong>These 5 important Windows Defender settings are turned off by default \u2013 turn them on ASAP<\/strong><\/p>\n ZDNET has contacted Instructables and will update if we hear back. <\/em><\/p>\n<\/div>\nZDNET Highlights<\/h3>\n
\n
What is canvas?<\/h2>\n
What happened?<\/h2>\n
What is ShinyHunters?<\/h2>\n
What information was stolen?<\/h2>\n
\n
instructor’s response<\/h2>\n
6 steps to take immediately<\/h2>\n
\n