Canvas is down as ShinyHunters threatens to leak schools’ data

krupan

A college student I know just sent me a screenshot, he can't access canvas for his school at all

exprez135

The Canvas instance at the nearby university is now down (May 7, 4 PM Eastern), but was briefly displaying the message in this screenshot (1). The ransom message implies that today's problem is the second wave in an attack on Instructure after ignoring their first breach in recent days. 1: https://ibb.co/r29RjdnH

bigfatkitten

I use Canvas for some postgraduate studies, and my teenage daughter uses it at her high school. We already bond over how awful the Canvas UX is (and she has a bunch of Chrome extensions to improve it.) Now we’ve got something else to gripe over together.

plasma_beam

Our public school system here in Maryland got hit, ransom screen.

daledavies

Eek I bet there are a few people at Instructure who won't be getting much sleep tonight!

kristianp

Qld, Australia was also affected: https://www.itnews.com.au/news/qld-gov-says-students-staff-c...

skeaker

Pretty cruel to do this right around finals.

incomplete

yep, i work for a major university and our canvas instance is down. this is really, really bad. edit: here's the list of impacted universities (unsure if they all have their canvas instances offline, but i'd be surprised if not): http://91.215.85.103/pay_or_leak/instructure_affected_school...

podiki

And grades are due in the next week or so for many of these (usually a quick deadline at the end of the semester due to graduation happening)...

tom1337

> Canvas is currently undergoing scheduled maintenance doesn't seem that scheduled to me

SoftTalker

So many universities used to run homegrown or on-prem student systems. This is the downside of consolidating in the cloud. If the infrastructure is compromised, it affects everyone, not just isolated or single installations. I wonder how they are feeling about that decision now? I guess they can say "not our fault" so they might be feeling better than if it was a vulnerability in their own system.

copperx

https://archive.is/5v693

cocoacat

Also here: https://news.ycombinator.com/item?id=48054386

vinni2

I hate Canvas. I would rather run a course on GitHub. But our university forces it on us. And now this.

danso

I wonder how much old data Canvas keeps around? Are students who graduated in 2016 going to be at risk of having their academic data leaked?

goryramsy

Down for all students at my University… it’s going to be a headache for all professors to deal with extending due assignments.

vondur

It looks like every CSU System is on the list (California State University). Surprised this hasn't hit the front page yet.

gigel82

Damn, all schools in our district in Washington moved to Instructure last year. They moved away from Teams because it objectively sucked, but I haven't heard of widespread compromises like this in Microsoft's systems so...

eatmyshorts

My daughter says that Northeastern is also affected. Is it more widespread? Did they infect all SaaS Canvas universities?

thecatapps

I remember when I was in high school (2016? 2017?), I found a super simple XSS in the assignment submission form and told the programming teacher. Canvas then proceeded to lock my account and got me my first (only?) detention. Good times.