Hackers steal student information during breach of Instructure’s education technology giant

Education tech giant Instructure has it has been confirmed data breach involving students’ personal information. A group of extortion and expropriation ShinyHunters he said that he was the one who broke the rules.

The hackers reportedly stole student names, email addresses, and messages sent between teachers and students — the same type of data that Instructure admitted was stolen.

Education is the latest giant of the ShinyHunters team. Cyber ​​criminals have target universities and cloud database companies in recent months, to steal people’s private information and threaten to post it online if the companies don’t pay the hackers a ransom.

A member of ShinyHunters shared examples of stolen data with TechCrunch, which included data from two schools in the United States, one in Massachusetts and the other in Tennessee. In the case of Massachusetts, this data included communications, including names, email addresses, and phone numbers. For schools in Tennessee, the sample included students’ full names and email addresses.

The sample did not contain passwords or other types of data that Instructure said were not affected by the breach.

TechCrunch is not naming the schools because they have not been confirmed as victims. Based on information available on their website, both schools appear to be using Instructure’s Canvas, which allows customers to manage courses, assignments, and student communications.

ShinyHunters also shared a list of nearly 8,800 schools that were reportedly affected by the breach. TechCrunch could not confirm whether all the organizations mentioned were affected, or whether they are Instructure customers. On his official website, Instructure he says has more than 8,000 organizations as customers.

When reached by TechCrunch, Instructure spokeswoman Kate Holmes did not answer several questions about the incident, and instead spoke about the company. official website while printing updates on the breach.

On its official website, where ShinyHunters claims to be responsible for the data breach and attempts to force victims to pay ransom, the hacker says the breach has affected nearly 9,000 schools worldwide, as well as the information of 275 million people, including students, teachers, and other employees. In an online chat, a member of ShinyHunters told TechCrunch that the unique emails included in the hacked content are 231 million.

Money laundering groups are known to exaggerate their claims to gain media attention, as well as victims.

From Tuesday, Education he said some of its products, such as Canvas, were returned to customers after repairs.