Canvas Maker Instructure Reaches Agreement With Cybercriminals

By Team-CWD, May 13, 2026


Canvas Learning Management System maker Instructure has come to terms with the cybercriminal extortion group responsible for data stolen in last month’s breach affecting nearly 9000 educational institutions.

In an incident update, the Utah-based education technology firm said it had “reached an agreement with the unauthorized actor involved in this incident.”

The company has not stated whether money changed hands, though the attackers, understood to be the ShinyHunters collective, typically extort victims into Bitcoin payments via encrypted negotiations.

Data Returned 

Instructure said the arrangement covers all affected customers, and individual institutions do not need to engage with the attackers.

The stolen data has reportedly been returned, and the company has received what it described as digital confirmation of its destruction, alongside assurances that no Instructure customer will be separately extorted.

The firm acknowledged the inherent uncertainty of dealing with cybercriminals but said it had taken every step within its control to reassure customers.

Read more on the Canvas extortion campaign: ShinyHunters Escalates Canvas Extortion with School by School Ransom Campaign

Notably, engaging with ransomware groups runs counter to law enforcement guidance globally and offers no guarantee that exfiltrated data has actually been destroyed.

Phishing Risk Outlasts the Settlement

The original breach exploited an undisclosed flaw concerning support tickets in the Free-For-Teacher version of Canvas, allowing attackers to siphon about 275 million records.

Stolen fields included usernames, email addresses, course names, enrollment information and messages, though Instructure has stressed that course content, submissions and credentials were not compromised.

A second wave on May 7 saw attackers deface Canvas login portals at roughly 330 institutions with extortion messages, setting a May 12 deadline for negotiation.

Researchers at Halcyon, the cybersecurity firm tracking the campaign, warned that the leaked records could be used to “impersonate school administrators, IT support or financial aid offices” in follow-on attacks.

Even with stolen data ostensibly returned, Halcyon urged affected institutions to issue phishing advisories and direct communications to staff, students and parents without delay.

Instructure has temporarily shut down Free-For-Teacher accounts, revoked privileged credentials and access tokens for affected systems, rotated internal keys and deployed additional security controls.

The company said it is also working with forensic vendors and conducting a comprehensive review of the exposed data.
