Canvas login portals hacked in mass ShinyHunters extortion campaign

A recent wave of hacking incidents has compromised the security of Canvas login portals at numerous colleges and universities, with the ShinyHunters extortion gang claiming responsibility for the breaches¹. The attackers exploited a vulnerability to deface the login portals, marking the latest incident in a series of security incidents targeting education technology giant Instructure. The scope of the attack is significant, with hundreds of educational institutions affected. The incident highlights the ongoing risks posed by extortion gangs and the importance of robust security measures to protect sensitive systems. As educational institutions increasingly rely on digital platforms, the potential impact of such breaches on students, faculty, and staff grows. The fact that ShinyHunters was able to exploit a vulnerability to carry out the attack underscores the need for proactive security measures, including regular vulnerability assessments and patching. This incident matters to security practitioners because it underscores the need for vigilance in protecting against extortion campaigns.