Canvas Platform Restored After Unauthorized Access

An international cyberattack on the Canvas educational platform created by Instructure partially restored service for most users on Saturday after the company took the system offline on Thursday. Instructure detected unauthorized activity on April 29 and tied the intrusion to an issue involving its Free-For-Teacher accounts.

The company took Canvas offline on Thursday, engaged outside forensic experts, and notified the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency.

It temporarily shut down its Free-For-Teacher accounts after confirming the unauthorized actor exploited an issue related to those accounts. ShinyHunters, a global cybercrime syndicate established in 2019, claimed responsibility for the cyberattack on Canvas. 5 terabytes of data from Canvas, including names, email addresses, student ID numbers and private messages.

ShinyHunters threatened to release the stolen data if ransoms were not paid by May 12. On May 5, ShinyHunters posted a message saying Instructure had "not even bothered speaking to us" to prevent a data leak. " ShinyHunters has previously claimed responsibility for a data breach at Rockstar Games.

Instructure stated that names, email addresses, student ID numbers and private messages were compromised. Instructure stated there was no evidence that passwords, Social Security numbers or financial data were exposed. The company said most services were restored by Thursday though some maintenance issues remained under investigation.

Instructure stated on Saturday that Canvas is now available for most users. No incidents were reported on Saturday after partial restoration of Canvas. Canvas is used by more than 8,000 schools and universities globally, and about 30 million people across the globe use the Canvas system.

The breach targeted close to 9,000 institutions across the globe. The group targeted almost 9,000 schools. Affected countries include the United States, the Netherlands, Sweden, Australia and the United Kingdom.

The Federal Bureau of Investigation said it was aware of a service disruption impacting a learning system. The FBI stated the disruption has impacted schools, educational institutions, and students across the country. The FBI statement was issued on Friday.

U.S. schools are in the middle of exam season. Institutions including Penn State, Harvard, Illinois, Columbia and Georgetown are scrambling to extend or change exam deadlines. The Harvard Crimson said it could not access Canvas since Thursday.

The University of Cambridge temporarily suspended access to Canvas on Friday. The University of Sydney reported on Saturday that Canvas had been restored but was not yet accessible to staff or students pending completion of checks. The University of Alberta said Canvas was partially restored with reduced functionality.

Mississippi State University is among the thousands of schools affected. The cyberattack disrupted coursework, exams and student communications.

“This goes to show how vulnerable schools are, how vulnerable other institutions are by individuals who seek to exploit or extort at the worst possible time – armed with just a keyboard and a mouse." — Phil Lavelle, Al Jazeera correspondent in Florida. The data accessed from over 275 million people according to ShinyHunters. Instructure confirmed the unauthorized actor exploited an issue related to Free-For-Teacher accounts.”