Education Tech Giant Instructure Cuts Deal with Hackers to Retrieve Stolen Data – But At What Cost?
In a move that’s got the tech world buzzing, education technology company Instructure, the folks behind the widely used Canvas learning management system, has reportedly struck a deal with a notorious hacker group called ShinyHunters. The goal? To get back a massive haul of customer data that was stolen in a recent cyberattack.
This isn’t the first time Instructure has faced a digital shakedown, but this latest incident was particularly alarming. ShinyHunters managed to snatch hundreds of gigabytes of sensitive information from Canvas’s cloud-based systems. We’re talking about potentially exposing the names, email addresses, and even private messages of around 280 million Canvas users. Imagine the shock if your personal chats were suddenly up for grabs!
The hacker group had set a deadline of May 12, threatening to leak all this data if Instructure didn’t engage with them. Well, it seems Instructure blinked first. They’ve now confirmed that an “agreement” was reached, and the stolen data has been returned. Not only that, but they also received “digital confirmation of data destruction” – basically, proof that ShinyHunters deleted their copies – and an assurance that no Instructure customers would be extorted in the future.
Here’s the kicker: Instructure hasn’t spilled the beans on the full terms of this agreement, especially whether any money changed hands. However, their earlier statements hinted at their reasoning, suggesting they felt it was crucial to take every possible step to give their customers some peace of mind, despite the tricky situation.
Now, this decision to negotiate with cybercriminals goes directly against official advice from law enforcement agencies like the FBI. The FBI has a clear stance: they generally don’t support paying ransoms in cyberattacks. They even put out a warning last week, advising anyone contacted by hackers claiming to have their data to avoid sending payments or responding to demands.
ShinyHunters isn’t just targeting education tech; they’re a group with a reputation. They recently claimed to have breached Nvidia’s GeForce Now, saying they “pulled their entire database.” They also tried to extort Rockstar, the studio behind GTA 6, last month, though it turned out they didn’t have as much valuable data as they claimed.
So, did Instructure pay up? How much? We still don’t know, and Instructure’s latest update doesn’t explain their rationale for making this deal with a known cybercriminal group. However, they’ve promised to shed more light on the situation and their efforts to strengthen their systems in an upcoming webinar. For all you students and gamers out there who rely on online platforms, this is a stark reminder of the constant battle for cybersecurity!