FILE PHOTO: Students walk through campus between classes at Santa Monica College in Santa Monica, California April 4, 2012. REUTERS/Bret Hartman/File Photo

Developer of education tool Canvas issues apology after hack

· CNA · Join

Read a summary of this article on FAST.
Get bite-sized news via a new
cards interface. Give it a try.
Click here to return to FAST Tap here to return to FAST
FAST

WASHINGTON, May 11 : The developer of Canvas, widely used by U.S. institutions for grades and class materials, issued an apology after a hack that ​blocked students from accessing the education tool and involved student data being stolen by a cybercriminal hacking group.

"I'll start where I should: with an apology," Steve Daly, the CEO of Canvas' parent company Instructure, said in a blog post on Monday.

ShinyHunters, a hacking group known for data theft and extortion campaigns targeting major global companies, ‌said in a May 3 post on its website that it had stolen roughly 6.65 terabytes of Canvas data.

The data, linked to nearly 9,000 schools worldwide, included student names, email addresses and private messages between students, teachers, and other staff, the group added.

CNA Games

Guess Word
Crack the word, one row at a time

Buzzword
Create words using the given letters

Mini Sudoku
Tiny puzzle, mighty brain teaser

Mini Crossword
Small grid, big challenge

Word Search
Spot as many words as you can
 Show More
Show Less

Student newspapers across the United States reported last week the hack caused widespread disruption as students prepared for end-of-year tasks ​and assignments.

The software is used by schools for class assignments and information sharing, as well as messaging between students and school ​faculty.

The Instructure CEO said Canvas "is fully operational and remains safe to use."

"Over the past few days, many of you dealt with real disruption. Stress on your teams. Missed moments in the classroom. Questions you couldn't get answered. You deserved more consistent communication from us, and we didn't deliver it. I'm sorry for that," Daly said.

He added the company will give more consistent updates going forward.

Daly said the incident involved unauthorized access to information like usernames, email addresses, course names, enrollment information and messages.

Core learning data like course content, submissions and credentials was not compromised, he said.

He said the company had identified a vulnerability regarding support tickets in the app's "Free for Teacher" environment that was exploited.

That component of the app has been temporarily disabled while the company completes a full security review, Daly added.

Source: Reuters

Newsletter

Week in Review

Subscribe to our Chief Editor’s Week in Review

Our chief editor shares analysis and picks of the week's biggest news every Saturday.

Sign up for our newsletters

Get our pick of top stories and thought-provoking articles in your inbox

Subscribe here

Get the CNA app

Stay updated with notifications for breaking news and our best stories

Download here

Get WhatsApp alerts

Join our channel for the top reads for the day on your preferred chat app

Join here