Hackers deface school login pages after claiming another Instructure hack

Education technology giant Instructure on Tuesday disclosed a data breach in which hackers stole students’ private information, including their names, personal email addresses and messages sent between teachers and students.

Now, it appears that hackers have managed to compromise Instructure again, this time defacing several schools’ login pages for the company’s Canvas platform, which allows schools to manage coursework, assignments, and communicate with students.

TechCrunch saw a message posted by the cybercrime group ShinyHunters on the Canvas login pages of three separate schools. A review of the defaced portals shows that hackers inserted an HTML file that changed login screens to display their message.

The letter says the hackers will release the stolen data on May 12 if the company does not negotiate a settlement.

At the time of writing, the Instructure website appeared partially online, sometimes displaying a “Too many requests” error. The company’s Canvas portal displayed a notice stating that it was “currently undergoing scheduled maintenance.”

Instructure did not immediately respond to TechCrunch’s request for comment.

ShinyHunters previously claimed responsibility for the original hack, posting it on its leak site — a site used by web hackers to post stolen data and pressure victims to pay ransoms — in an attempt to blackmail Instructure into paying money to prevent the data from being released to the public. This apparent new breach, coupled with the fact that the hackers chose to notify TechCrunch about the defaced login pages, suggests that the hackers are trying to increase pressure on Instructure and its customers, in hopes of forcing them to submit to the hackers’ demands.

It is unclear how the hackers were able to compromise the login pages. When asked, a ShinyHunters member told TechCrunch they couldn’t comment on details, but said this was the second separate hack.

After the original breach at Instructure, hackers claimed to have stolen data from nearly 9,000 schools around the world, and the stolen files allegedly contained information on 231 million people.

The group has put countless victims at risk over the past two years, following the same financially motivated playbook: hacking, dissemination, and extortion.