
usonian

(26,364 posts)
Thu May 7, 2026, 07:57 PM 13 hrs ago

Canvas hack shuts down Learning Apps at MANY CAMPUSES, worldwide

The list goes on: MIT, UW Madison, Penn, Harvard ... Just one article of many on this monster hack.
https://www.dailycardinal.com/article/2026/05/canvas-hack-shuts-down-operations-at-uw-madison-worldwide

Apparently, school websites are up but their LMS (Learning Management Systems) Instructure/Canvas software may be offline after being hacked.

ShinyHunters claims data theft from 8,800 schools
https://www.bleepingcomputer.com/news/security/instructure-hacker-claims-data-theft-from-8-800-schools-universities/


The hack halted all access to Canvas at 3 p.m. on May 7, just hours before University of Wisconsin-Madison's last day of finals.

Canvas shut down worldwide on May 7 after a hack by cybercriminal group ShinyHunters displayed a warning message that student data could be distributed if Instructure, Canvas' host, did not reach out to them by May 12. The message displayed across campus Canvases around 3 p.m., just hours before University of Wisconsin-Madison’s last day of finals.

In the pop-up message on Canvas, ShinyHunters encouraged affected schools to consult a cyber advisory firm and contact the group directly using instant messaging app Tox, before “everything is leaked” at the end of the day May 12.



"If Canvas prompts you to perform any action — such as clicking a link, logging in, resetting your password, or completing any tasks — do not proceed," UW-Madison advised on their information technology website.

The hack follows a May 1 hack of Instructure, Canvas’ host, that compromised student names, email addresses and ID numbers. The hack did not include passwords, dates of birth, government identifiers or financial information, according to an Instructure statement.



https://cybernews.com/security/anvas-lms-breach-universities-data-leak/
Harvard, Oxford, and MIT named as hackers drop full Canvas breach victim list

The gang has now dropped the full list of affected educational institutions. The file contains approximately 8,809 educational institutions, including higher education institutions and high schools from at least 10 different countries.

snip

Among the victims are the most prominent educational institutions in the world, including:

Harvard University
Stanford University
Massachusetts Institute of Technology (MIT)
University of Oxford
Princeton University
Columbia University
University of Cambridge (via Cambridge University Press entry)
Cornell University
UC Berkeley
Georgetown University

ShinyHunters has extended its ultimatum to May 7th, awaiting the company's response and a negotiation. The attackers threaten to publicly leak all the stolen data if the company does not negotiate.
The incident was contained, but the investigation is ongoing

On Saturday, Instructure Holdings, the company behind the widely used LMS, claimed that the incident had been contained, but the investigation is ongoing.


Outsourcing your LMS (Learning Management System) Smart
NOT

I remember the very early days of LMS software and was an early advocate of the free and open source Moodle software package. These systems have gotten very complex and with complexity comes risk. This is like the MOVEit hack. MOVEit is a commercial software package used to transfer large files. Once a hack was found, it compromised every customer.

WAIT! MOVEit was hacked just last week.

https://www.thetechedvocate.org/urgent-moveit-vulnerabilities-expose-thousands-of-systems-to-critical-risks-heres-what-you-need-to-know/

According to Progress Software, the MOVEit vulnerabilities are particularly troubling due to the number of internet-connected devices currently running susceptible versions of the software. Reports indicate that over 1,440 devices are at risk, including 16 systems linked to state and local government agencies. This widespread exposure creates an immediate risk for thousands of organizations that depend on MOVEit for their critical file transfer operations.


Wikipedia:

MOVEit is a managed file transfer software product produced by Ipswitch, Inc. (now part of Progress Software).[3] MOVEit encrypts files and uses file transfer protocols such as FTP(S) or SFTP to transfer data, as well as providing automation services, analytics and failover options. The software has been used in the healthcare industry by companies such as Rochester Hospital and Medibank, as well as thousands of IT departments in high technology, government, and financial service companies like Zellis.

Posted by a RETIRED I.T. Dude.
Commercial software.
What a shitshow.

eppur_se_muova

(42,361 posts)
1. How do we know they aren't lying? ShinyHunters sent me an email threatening to release a bunch of stuff it had on me...
Thu May 7, 2026, 08:02 PM
13 hrs ago

.... stuff which I knew for a fact didn't even exist. This is the lazy way to extort -- scare people into paying up to prevent damage they can't actually do.



ETA: I strongly suspect that same message was sent out to everyone on a long address list, Nigerian Prince style, hoping for a few lucky bites.

SSJVegeta

(3,015 posts)
2. This is what happens when the government spends its efforts on political stunts instead of protecting infrastructure and
Thu May 7, 2026, 08:04 PM
13 hrs ago

Focusing on actual crime.

usonian

(26,364 posts)
3. Sacking a raft of cybersecurity experts?
Thu May 7, 2026, 09:46 PM
11 hrs ago

Why, it's almost as if Putin asked him to do it.

SSJVegeta

(3,015 posts)
4. But they didn't look important!!
Thu May 7, 2026, 10:44 PM
10 hrs ago


Now let's find out what happens now that they got rid of a ton of Counterintelligence experts!

....sure it'll be fine

Prairie Gates

(8,430 posts)
5. This is the biggest story in the country right now
Thu May 7, 2026, 11:02 PM
10 hrs ago

Tens of thousands of college students have finals starting next week, and EVERYTHING is on the Learning Management System. Most professors keep their gradebooks on the LMS and will have no idea what their students' grades are without access to those gradesheets.

This is a clusterfuck of epic proportions.
