
SHINY HUNTERS DEFACES SCHOOL PORTALS IN INSTRUCTURE HACK

AI DESK, 2 MIN READ
THU, MAY 7, 2026

■ AI-SUMMARIZED FROM 1 SOURCE

Cybercriminal group ShinyHunters claimed responsibility for breaching Instructure and defaced login pages at multiple customer schools with extortion demands.

ShinyHunters, a known cybercrime collective, has targeted Instructure for the second time, compromising the learning management platform used by educational institutions worldwide. The group defaced login pages belonging to several Instructure customer schools, replacing them with extortion messages demanding payment. The attack marks another significant breach for Instructure, which provides Canvas, a widely used learning platform serving thousands of schools and universities.

Attack Details

ShinyHunters used the compromised login pages as a vector for their extortion scheme, displaying messages to users attempting to access their accounts. This technique puts pressure on institutions to negotiate rather than simply patching the vulnerability. The defacement affected multiple schools simultaneously, suggesting the attackers gained broad access to Instructure's infrastructure or customer data. No official statement has been released regarding the scope of affected institutions or the nature of the compromised data.

History of Instructure Breaches

This incident follows previous Instructure security incidents, indicating the platform may face ongoing vulnerabilities. Educational technology providers are frequent targets for cybercriminals due to the sensitive student and staff data they hold.

Implications

The breach highlights security risks within critical education infrastructure. Schools relying on Instructure face potential exposure of student records, grades, and personal information. Parents and students may be at risk if personally identifiable information was accessed. Instructure customers have been advised to monitor accounts for suspicious activity and change passwords. The company typically works with law enforcement and cybersecurity firms to investigate such incidents. ShinyHunters has established a pattern of targeting technology companies and attempting to monetize breaches through extortion. The group's claims of hacking Instructure require verification, though the visible defacement of school portals confirms unauthorized system access.

■ SOURCES

TechCrunch

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE
