A major cyberattack has disrupted Canvas, the popular educational platform used by colleges and universities nationwide for managing coursework and student grades, according to reports from multiple student publications across the country.
Student journalists at Harvard University’s newspaper, The Crimson, reported that access to the platform was blocked starting Thursday afternoon. The cybercriminal organization ShinyHunters took credit for the breach, stating that Harvard was among “thousands of schools allegedly affected by a breach of Instructure, Canvas’ parent company.”
According to The Crimson’s reporting, when students attempted to log into Canvas, they were instead shown a message from ShinyHunters acknowledging their role in the attack and displaying a catalog of compromised educational institutions.
By Thursday evening, Instructure acknowledged the disruption through its official status webpage, announcing that Canvas and associated platforms had been switched “in maintenance mode” while the company worked to resolve “an issue where some users are having difficulties logging into Student ePortfolios.”
“We anticipate being up soon, and will provide updates as soon as possible,” the company stated on its website. Instructure has not yet responded to media requests for additional information.
The Daily Pennsylvanian at the University of Pennsylvania revealed that ShinyHunters had posted a threatening message on Penn’s Canvas portal the previous week, demanding that any university wanting to prevent data disclosure should reach out to the group before May 12th.
Duke University’s student publication, The Chronicle, confirmed their institution was also impacted by the security breach, which reportedly affected more than 9,000 educational facilities.
Additional student news outlets from UCLA, the University of Nebraska, and other universities have confirmed their schools were also targeted in the widespread attack.
This latest incident continues a pattern of high-profile breaches by ShinyHunters, which has previously targeted major corporations worldwide. Just last month, the group announced they had successfully stolen approximately 80 million business records from Rockstar Games, the company behind the popular Grand Theft Auto video game series.
