A widely used educational platform, Canvas, has been restored following a cyberattack that caused widespread disruption as students prepared for final examinations. The system, which supports thousands of schools and universities in managing coursework, grades, and communications, went offline on Thursday after a breach attributed to the hacking group ShinyHunters.
Recovery and Impact
By Friday, Canvas was operational for most users, according to Instructure, the company behind the platform. The outage created significant challenges for students and educators alike, with many taking to social media to express their concerns about accessing study materials and submitting assignments. Some institutions, such as the University of Texas at San Antonio, postponed finals scheduled for Friday in response to the incident.
Princeton University announced via social media that Canvas appeared to be available again, with IT staff closely monitoring the situation. The hacking group ShinyHunters claimed responsibility, posting online that nearly 9,000 schools worldwide were affected and that billions of private messages and records had been accessed, according to Luke Connolly, a threat analyst at Emisoft. Screen shots provided by Connolly indicated that the group had threatened to leak the stolen data starting Sunday, but by Friday, Instructure and Canvas had been removed from the group's dedicated leak site on the dark web.
Similarities to Previous Attacks
Connolly noted that the Canvas attack bears striking similarities to a breach at PowerSchool, another learning management system, where a Massachusetts college student was charged. ShinyHunters, described as a loose affiliation of teenagers and young adults based in the US and UK, has also been linked to other high-profile attacks, including one targeting Live Nation's Ticketmaster subsidiary.
Educational institutions remain prime targets for cybercriminals due to the wealth of digitized data they hold, including sensitive student and staff information. Past attacks have hit the Minneapolis Public Schools and the Los Angeles Unified School District. Instructure has not commented on whether a ransom was paid or the status of compromised data, and did not respond to requests for comment.
This incident highlights the vulnerability of critical educational infrastructure and the need for robust cybersecurity measures to protect students and staff.
