login
who are we?
contact us
qosheapp
Caveat Canvas: ShinyHunters Hacks the Education Sector
CounterPunch Exclusives
CounterPunch Exclusives
Caveat Canvas: ShinyHunters Hacks the Education Sector
Image Source: ShinyHuntersWebsite – Fair Use
They make you do it – they, in this case, being the folly-fouled leaders of educational institutions – because it’s all in the name of organisational efficiency, productivity and purpose. Engage what is often erroneously called a Learning Management System (LMS), submitting personal details and papers and assessments into its maw. Instructors and academics are also made to generate intellectual profiles for subjects and courses, leaving students the false impression that what is not on the platform cannot surely exist. Should you be a conscientious objector to this hungry, data gobbling system, you are ostracised, condemned as a pencil loving Luddite.
On April 30, Instructure, the Salt Lake City-based education technology company behind Canvas, a widely used LMS, temporarily went offline. On May 1, the company confirmed that it had experienced a “cybersecurity incident perpetrated by a criminal threat actor.” The problems had been largely sorted by May 2, with Instructure promising continued monitoring and an investigation into how the attack took place. Its security system had been patched, certain credentials and access tokens revoked and reissued, and API (application programming interface) keys rotated “out of an abundance of caution.” Normal operations resumed the next day.
On May 3, the specialist extortion group ShinyHunters, which publicly emerged in January 2020, added Instructure to its Tor-based site, boasting the theft of 3.65 terabytes of data by exploiting the “Free-For-Teacher” vulnerability in the Canvas platform. Information belonging to 275 million students, teachers and other individuals to some 8,809 education institutions across the globe had featured. Instructure, while admitting the hack had secured access to personal information (names, email addresses, student ID numbers and user messages), claimed to find “no evidence........
© CounterPunch
visit website