The ed-tech giant behind the Canvas learning management system is working with forensic experts to determine the full scope of the incident, though it seems passwords and financial information were not compromised.
…
According to a May 2 update from Proud, preliminary findings suggested the incident was caused by a “criminal threat actor” and may have involved the exposure of user-identifying information such as names, email addresses, student identification numbers, and user-to-user messages. However, he added that there was no evidence that passwords, dates of birth, government-issued identifiers or financial information were compromised.
…
Instructure has not publicly identified the criminal threat actor. However, independent security researchers at Cybernews and BleepingComputer both confirmed that the cyber extortion group ShinyHunters claimed credit for the attack by listing Instructure on its data-leak website on May 3.
