Canvas login portals hacked in mass ShinyHunters extortion marketing campaign
Scam detection
The ShinyHunters extortion gang has breached education abilities huge Instructure again, this time exploiting a vulnerability to deface Canvas login portals for a total bunch of colleges and universities.
The defacements, that were seen for roughly half-hour earlier than being taken offline, displayed a message from ShinyHunters claiming responsibility for the earlier Instructure breach and threatening to leak stolen info if a ransom is now not paid.
The message warns that Instructure and colleges earn till May perchance well perchance 12 to contact them to negotiate a ransom, or students’ info will almost definitely be leaked.
“ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some ‘security patches’,” reads the defacement.
“If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by May 12 2026 before everything is leaked,” endured the message.
Defaced College of Texas San Antonio Canvas login web page
BleepingComputer has learned that threat actors defaced the Canvas login portals for roughly 330 tutorial institutions, replacing the identical outdated login pages with an extortion message. This defacement message also seemed within the Canvas app.
The defacement became as soon as allegedly triggered by a vulnerability in Instructure’s systems that allowed the threat actor to change the login portals. Instructure has since taken Canvas offline while they reply to the most modern cyberattack.
The ShinyHunters gang later suggested BleepingComputer that the stolen info included consumer records, private messages, enrollment info, and other info allegedly gathered thru Canvas info export aspects and APIs.
BleepingComputer has persistently contacted Instructure with questions about the assault, at the side of currently’s, and whether they conception on notifying students and workers about the records breach. Nonetheless, our emails have up to now remained unanswered.
Canvas is one of many most widely frail finding out administration systems in greater education and K-12 environments, serving to schools jam up coursework, assignments, grading, and communique between students and college.
This year, threat actors the usage of the ShinyHunters name became amongst the most prolific groups conducting info theft and extortion assaults against firms worldwide.
The extortion gang recurrently breaches third-event integration firms and uses stolen authentication tokens to fetch entry to linked SaaS environments and dangle buyer info.
The threat actors are also known for conducting tell phishing (vishing) assaults focusing on Okta, Microsoft, and Google single signal-on (SSO) accounts, impersonating IT toughen workers to trick workers into entering credentials and multi-factor authentication (MFA) codes on phishing web sites.
As BleepingComputer first reported, the ShinyHunters group has also just currently adopted software program code vishing assaults to earn Microsoft Entra authentication tokens.
After stealing credentials and authentication codes, the threat actors hijack SSO accounts to breach linked venture companies equivalent to Salesforce, Microsoft 365, Google Workspace, SAP, Slack, Adobe, Atlassian, Zendesk, and Dropbox.
While members of the ShinyHunters gang are in fee for a mountainous change of assaults, they’re also known to feature as an extortion-as-a-provider group, conducting extortion on behalf of different threat actors in alternate for a portion of ransom funds.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Self sustaining Validation Summit (May perchance well perchance 12 & 14), sight how independent, context-effectively off validation finds what’s exploitable, proves controls sustain, and closes the remediation loop.
