Hackers again access universities' Canvas app, threatening to publish student data

Hackers have again accessed the Canvas app, widely used by universities worldwide, including in the Netherlands. The hacker gang Shinyhunters posted a new message on the app, along with a new ultimatum. The VU University in Amsterdam announced that it has disconnected all systems linked to Canvas.

“ShinyHunters has hacked Instructure again. Instead of contacting us to resolve the issue, they ignored us and implemented a few security patches,” the message read, among other things, NOS reports.

The hackers gave the affected educational institutions until May 12 to contact them and negotiate, or they will publish the stolen data. An earlier deadline expired yesterday.

On Monday, ShinyHunters announced that they had stolen the data of millions of students, lecturers, and other staff at higher education institutions worldwide through a cyberattack on Canvas. The software company provides the program students use to submit their assignments and view their grades, among other things.

VU Amsterdam decided to disconnect from Canvas after this second intrusion. The disconnection may have consequences for lectures and class attendance on Friday, the university said in a press release.

Earlier, the umbrella organization Universities of the Netherlands (UNL) reported that the University of Amsterdam, VU Amsterdam, Erasmus University Rotterdam, Tilburg University, Eindhoven University of Technology, Maastricht University, and University of Twente were affected by the hack.