Canvas owner reaches ‘agreement’ with hackers to secure stolen data

Instructure, the company behind the Canvas learning management platform, says it has “ reached an agreement ” with hackers that breached its systems last week to prevent stolen data from being leaked online. The ShinyHunters hacking group claimed responsibility for the attack before Canvas was briefly taken offline . The group threatened to publish 3.5 terabytes of student data if ransom demands for a “settlement” weren’t met. Now, Instructure says the stolen data has been returned as part of its unspecified “agreement” with the hackers, alongside a promise that “no Instructure customers will be extorted as a result of this incident.” “We understand how unsettling situations like this can be, and protecting our community remains our top priority,” Instructure said in its latest statement. “With that responsibility in mind, Instructure reached an agreement with the unauthorized actor involved in this incident.” Instructure doesn’t explicitly say that it paid ShinyHunters, but this update certainly suggests as much. Ransom payments can go toward funding further ransomware attacks , and there’s no guarantee that the hacking group will uphold its side of the bargain. Instructure said it had received proof that the stolen data had been destroyed (which begs the question of how that data was also “returned”), and that its agreement covers all customers impacted by the breach. …