Brown Canvas hacked in nationwide cyberattack


Shortly after 4 p.m., Instructure, the parent company of Canvas, was hacked by ShinyHunters, a criminal hacker and extortion group. The Canvas webpage for many schools, including Brown, was placed under ransom along with some student data held on the platform.

According to a ransom note posted on the Canvas website, ShinyHunters stated that universities have until May 12 to “negotiate a settlement.” The note was taken down around 4:43 p.m., and the site now displays a page stating that it is undergoing “scheduled maintenance.”

At 4:41 p.m., Instructure wrote that they “are currently investigating this issue” on their status website.

ShinyHunters — a group known for their breaches of large organizations, including many education software companies — first breached Instructure on May 3, the Daily Pennsylvanian reported.

A May 4 announcement from Canvas@Brown stated that a “data security incident involving Instructure” occurred and that security measures had been taken. The May 4 announcement also stated that passwords, dates of birth and government identifiers, including social security numbers, “were not compromised.” 

“Brown does not store passwords, dates of birth, government identifiers or financial information in Canvas, and there is therefore no risk to this information being exposed for any Brown community as part of this breach,” Vice President for Information Technology and Chief Information Officer Christopher Keith wrote in a Thursday evening email to the Brown community.

Keith added that potentially compromised data “may include names, email addresses, student ID numbers and messages exchanged in Canvas.” He advised community members who logged into Canvas between 4:00 and 4:30 p.m. to reset their Brown password through the Office of Information Technology.

“This was an external vendor incident involving Instructure — not a direct compromise of Brown systems — and we are taking all possible steps to ensure our environment remains secure,” he wrote. 

In a Thursday evening email to the Brown community, Provost Francis Doyle wrote that the University does “not yet have a timeline” for restoring Canvas access.

All final exams scheduled for Friday will proceed as scheduled, Doyle added. He noted that instructors who rely on Canvas for their courses, such as for assignment submissions, should communicate alternative plans to students.

The webpage displaying the ransom note, which may have been controlled by “the entity behind the Instructure cyber incident,” was available for about 20 minutes, according to Doyle.

“Staff in OIT and Digital Learning & Design took immediate steps to mitigate any ongoing threat to the Brown community and begin the work of developing a full response plan,” he added.

This is a developing story. Check back for more updates.


Ian Ritter

Ian Ritter is a university news and science & research editor, covering graduate schools and students. He is a junior concentrating in chemistry. When he isn’t at The Herald or exploding lab experiments, you can find him playing the clarinet or watching the Mets.


Emily Feil

Emily Feil is a university news and metro editor covering staff & student labor and RISD. She is from Long Beach, NY and plans to concentrate in English and international & public affairs. In her free time, she can be found watching bad TV and reading good books.


