news.volyx.in

Canvas online again as ShinyHunters threatens to leak schools’ data (theverge.com)

921 points by stefanpie · 68 days ago · 648 comments on HN

Article summary

The learning platform Canvas, owned by Instructure, experienced a massive outage after a ransom message from the hacking group ShinyHunters was displayed, claiming responsibility for a data breach. The breach affected student names, email addresses, ID numbers, and messages. Canvas is now online again, but some users are still experiencing difficulties logging in. Instructure has temporarily shut down its Free-For-Teacher accounts as a precaution.

Main themes

  • Data Breach
  • Ransom Demand
  • Learning Platform Outage
  • Cybersecurity
  • Education Technology

What commenters say

  • The timing of the attack, coinciding with finals, is likely intended to increase pressure on Instructure to pay the ransom.
  • The breach may have compromised the security of multiple schools' Canvas instances, despite claims of isolation and segregation.
  • Instructure's handling of the situation, including the status page messaging, has been questioned by some as inadequate or misleading.
  • The use of multi-tenancy in Canvas's infrastructure may have contributed to the vulnerability of the system to the breach.
  • Some commenters have expressed frustration and concern about the impact of the outage on students and teachers, particularly with graduation and finals approaching.
  • The effectiveness of Instructure's security measures and response to the breach has been called into question by some, with suggestions that the company may have underestimated the severity of the threat.