The widely-used Canvas educational platform has resumed operations Friday following a cyber attack that caused widespread disruption for students preparing for final examinations at thousands of institutions worldwide.
According to Luke Connolly, a threat analyst with cybersecurity company Emisoft, the hacking collective known as ShinyHunters took credit for the security breach. Instructure, Canvas’s parent company, announced late Thursday evening that service had been restored for the majority of users.
The platform serves as a central hub for academic materials including student grades, class notes, homework assignments, and recorded lectures. Connolly reported that the criminal group claimed to have compromised nearly 9,000 educational institutions globally, gaining access to billions of private communications and confidential records.
Evidence provided by Connolly revealed the hackers had been making threats since Sunday to release the stolen information. However, by Friday, both Instructure and Canvas had been taken down from the ransomware group’s dedicated dark web site where they publish compromised data.
The timing of Thursday’s outage could not have been worse for students. Social media platforms were flooded with concerned posts from students who found themselves unable to access essential study materials for upcoming final exams.
Educators scrambled to develop alternative methods to help students prepare for tests and turn in final projects. Some institutions, including the University of Texas at San Antonio, decided to postpone Friday final examinations due to the service interruption.
Educational institutions like Princeton University used X on Thursday night to inform students that “Canvas appears to be available again” while noting that technology support teams were continuing to watch the situation closely.
Educational institutions have become attractive targets for international cybercriminals due to their wealth of digital information, as hackers systematically seek out and steal sensitive data that was once secured in physical filing systems. Previous attacks have targeted major school systems including Minneapolis Public Schools and the Los Angeles Unified School District.
Instructure has remained silent about the incident on its social media channels. The company has not responded to Associated Press inquiries regarding whether ransom payments were made or what steps are being taken with the compromised information.
Connolly noted similarities between the Canvas incident and a previous attack on PowerSchool, another educational technology provider, which resulted in criminal charges against a Massachusetts college student.
According to Connolly’s assessment, ShinyHunters operates as an informal network of teenagers and young adults primarily located in the United States and United Kingdom. The organization has been connected to additional cyber attacks, including a breach targeting Live Nation’s Ticketmaster division.
