Hackers Deface School Login Pages After Instructure Breach
Education technology company Instructure has suffered a second cyber attack, with hackers defacing login pages of several schools using its Canvas platform. This follows an earlier reported data breach where sensitive student information was stolen.
On Tuesday, Instructure disclosed a security incident resulting in the theft of private data, including students’ names, personal email addresses, and messages exchanged between teachers and students. Subsequently, a cybercrime group known as ShinyHunters claimed responsibility for this breach and has now reportedly compromised the platform again.
Hackers altered the login screens of three different schools by injecting an HTML file displaying a message threatening to release the stolen data publicly on May 12 unless Instructure negotiates a settlement. This message appeared on the Canvas login pages, signaling the attackers’ intent to increase pressure on the company and its clients.
At the time of reporting, some parts of Instructure’s website were intermittently accessible, with users experiencing “too many requests” errors. The Canvas portal was marked as undergoing scheduled maintenance. Instructure has not issued an official statement regarding the new breach.
ShinyHunters first publicized the original hack by posting the stolen data on their leak site, a tactic commonly used by cybercriminals to extort victims. In this case, the group claimed to have accessed data from nearly 9,000 schools worldwide, involving information on approximately 231 million individuals.
The precise method used to carry out the recent defacement remains unclear. A representative from ShinyHunters indicated this incident represents a separate breach but declined to provide further details.
This series of attacks underscores ongoing risks faced by education technology platforms, which serve as critical tools for managing school coursework and communication. The repeated targeting of Instructure highlights the importance of robust cybersecurity measures within the education sector to protect sensitive user data from financially motivated cybercriminal groups.