Canvas, the cloud-based learning management system used by more than 8,000 colleges and universities, including all top ten colleges in the U.S., is being held for ransom. A group called Shinyhunters has claimed responsibility for the hack and has given Canvas’ parent company, Instructure, until May 12 to reach a settlement, or else “everything is leaked.”
Canvas outages have been reported nationwide
There’s no word on how many schools have been affected, but reports of students being unable to access Canvas are coming in from universities and colleges all over the country. Over the last half an hour, complaints of Canvas being down have gone from nearly none to over 8,000 on Down Detector.
Credit: Stephen Johnson
A similar breach of Instructure took place in late April or early May, and the company confirmed that names, email addresses, student ID numbers, and private messages exchanged between users were exposed by Shinyhunters, but said there was no evidence of compromised passwords, dates of birth, social security numbers, or financial information.
Instructure updated its software on May 2, saying that it had deployed patches, increased monitoring, and taken other measures meant to contain the damage, a fact referenced by ShinyHunters in the message left for Canvas users:
What do you think so far?
Credit: Stephen Johnson
The hacker group claimed its previous hack added up to over 3 terabytes of data, affecting 275 million students, teachers, and others at close to 9,000 educational institutions. Whether this latest breach will be that large remains to be seen.
What to do if you’re affected by the Canvas outage
While the threat is presumably being resolved, here are some steps students and faculty can take to make their digital data more secure on Canvas.
Change your password: If you can log in, change your Canvas password. If you use the same password for banking, email, and other places, change those as well.
Enable Multi-Factor Authentication (MFA): This adds an extra layer of security.
Beware of phishing emails: If email addresses were compromised, hackers may send highly targeted emails to students. Be suspicious of any messages asking you to install software or share account information.
Monitor your credit: It’s unknown whether financial information was part of the hack, but giving your credit report a check wouldn’t hurt.