Instructure, an education technology company, confirmed a cybersecurity breach that allowed hackers to manipulate its Canvas login portal and leave extortion messages. BleepingComputer reported that multiple cross-site scripting (XSS) vulnerabilities enabled an attacker to gain administrative access.
After discovering the network compromise on April 29, Instructure revoked access, launched an investigation, and hired forensic experts. The breach, attributed to the group ShinyHunters, resulted in the theft of over 3.6 terabytes of data, impacting 8,809 educational institutions. The stolen data allegedly includes personal information such as usernames and course details.
On May 7, the attackers exploited the same vulnerability to inject a warning message on the login page, demanding a ransom. Although the Canvas system was temporarily offline for security reasons, it resumed service on May 9. No additional data was compromised during this second exploitation, but the initial breach raised significant concerns regarding user data security.


