A system used by thousands of schools and universities to support instruction came back online Friday after it went down during a cyberattack that created chaos as students tried to study for final exams.
The hacking group called ShinyHunters claimed responsibility for the Canvas breach, said Luke Connolly, a threat analyst at cybersecurity firm Emisoft. Instructure, the company behind Canvas, said in an update Thursday evening that the system was available to most users.
Canvas is used to manage grades, course notes, assignments, lecture videos, and more. The hacking group posted online that nearly 9,000 schools around the world were affected and billions of private messages and other records were accessed, Connolly said.
Screenshots provided by Connolly showed that the group began threatening to leak the large amount of data on Sunday. On Friday, Instructure and Canvas had been removed from a dedicated leak site created by the ransomware group on the dark web to publish stolen data.
Canvas went down on Thursday at the worst possible time. Students quickly took to social media, with many panicking because they could no longer view course materials hosted on the platform to study for their final exams.
Teachers said they had to find solutions to help students study for exams and submit final assignments. And some schools, such as the University of Texas at San Antonio, announced they would delay final exams scheduled for Friday in response to the disruption.
Schools including Princeton University took to X on Thursday evening to announce that “Canvas appears to be available again” and that information technology staff were monitoring the situation.
Rich in digitized data, the nation’s schools are prime targets for remote criminal hackers, who assiduously locate and collect confidential files that not long ago were stored on paper in locked cabinets. Previous attacks have affected Minneapolis public schools and the Los Angeles Unified School District.
Instructure has not posted about the attack on its social networks. The company did not immediately respond to emails from The Associated Press asking if it paid a ransom and asking what happened to the compromised data.
Connolly said the attack on Canvas is strikingly similar to a breach in PowerSchool, which also offers learning management tools. A Massachusetts college student was charged in that case.
Connolly described ShinyHunters as a loose membership of teens and young adults based in the United States and the United Kingdom. The group has also been linked to other attacks, including one targeting Live Nation’s Ticketmaster subsidiary.
Associated Press education coverage receives financial support from multiple private foundations. AP is solely responsible for all content. Find AP’s standards for working with philanthropic organizations, a list of supporters and funded coverage areas at AP.org.
Associated Press