Canvas hacked: Who are the ShinyHunters group?

A cyberattack targeting the online learning platform Canvas disrupted thousands of universities and high schools across the US on May 7th, precisely when students were entering the stressful final exam period.

Canvas is a popular online learning management system operated by Instructure, used for uploading lectures, assigning homework, organizing tests, and communicating between teachers and students. According to the company, the platform currently has over 30 million active users globally and serves more than 8,000 educational institutions.

The incident caused many major universities, such as Columbia, Princeton, Harvard, and Georgetown, to unexpectedly display ransom demands on their Canvas homepage. Numerous school districts in California, Florida, Georgia, Oregon, Nevada, and many other states also confirmed being affected.

Hackers left a ransom message.

Students at several schools described the incident as beginning around midday when users logged into Canvas and saw a message from a hacking group calling itself ShinyHunters . This group claimed to have infiltrated Instructure's systems and demanded a ransom to prevent data leaks.

A University of Pennsylvania student reported being logged out of his account right while studying for final exams. Faculty then had to find ways to send study materials via email or other platforms to maintain instruction.

This is believed to be the second cybersecurity incident this month involving Canvas and ShinyHunters. Previously, on May 1st, Instructure acknowledged experiencing a cybersecurity incident caused by malicious actors. The company stated that the incident was under control, but data such as usernames, emails, student IDs, and some communication content may have been compromised.

In their latest message, the hacking group accused Instructure of ignoring previous warnings.

Instructure had to put Canvas into 'maintenance' mode while investigating the issue before restoring service to most users later that evening.

Who are the ShinyHunters group?

ShinyHunters is a notorious black hat hacker group specializing in cyberattacks, stealing and selling sensitive personal data of users worldwide. 

The ShinyHunters hacking group, which first emerged in 2020, is a financially motivated cyberattack group that has carried out a series of data breaches targeting large corporations and offered the compromised data for sale on hacking forums such as RaidForums and BreachForums. Interestingly, ShinyHunters is a key member on these platforms as a contributor and administrator.

1. Operation: The group typically infiltrates large systems, steals data, and then sells it on cybercrime forums or extorts money from businesses.
2. Scale of the attack: ShinyHunters is believed to be involved in a series of massive data breaches, affecting hundreds of millions of customer records.
3. The threat: ShinyHunters not only act alone but also collaborate with other cybercrime groups (such as Scattered Spider) to scale up their attacks. 

ShinyHunters is a dangerous hacking group that specializes in targeting organizations holding large amounts of user data for profit. 

"The latest wave of attacks carried out by ShinyHunters shows a significant shift in tactics, going beyond the group's previous behavior of stealing login credentials and exploiting databases," the report stated.

ShinyHunters uses similar attack techniques to Scattered Spider, such as vishing (or voice phishing) and social engineering attacks, exploiting apps disguised as legitimate tools and phishing sites impersonating Okta, with the aim of tricking victims into entering login information to steal data.

Despite the limited public information available about the organization, ShinyHunters has long been under scrutiny by US cybersecurity agencies and investigators due to its involvement in numerous large-scale data breaches.

In 2024, the group claimed responsibility for attacking Ticketmaster's ticketing system and selling user data on the dark web. Cybersecurity firm Mandiant, owned by Google, has also noted an increase in extortion campaigns bearing the ShinyHunters signature recently.

According to experts, this group typically uses fraudulent calls and fake login pages that mimic the real company's interface to steal employee information before infiltrating cloud storage systems and obtaining sensitive data to demand ransom.

Last year, the U.S. Department of Justice also announced a sentence against a member of ShinyHunters. Court documents show that this individual had offered for sale stolen data from more than 60 companies across various sectors, including technology, entertainment, media, fashion, and video games.

Students panic amidst exam season.

The canvas hacking incident occurred at the most sensitive time of the school year, causing many students to feel anxious.

Melanie Topchyan, a senior at the University of California, Riverside, said she missed an exam because she couldn't access Canvas. "I was a little panicked," she said, adding that she was preparing for a difficult exam that relied heavily on lectures and notes saved on the system.

Anish Garimidi, a third-year student at the University of Pennsylvania, describes the anxiety of losing access to important study materials before an exam.

At the Massachusetts Institute of Technology (MIT), student Allison Park said many instructors were scrambling to find students' email addresses because they couldn't use the notification feature on Canvas. "I didn't realize how much we relied on this platform until people were running around trying to find ways to contact us," she said.

Some schools have had to change their exam schedules to cope with the situation. James Madison University announced that it is moving exams scheduled for Friday to next week.

However, not all students are overly pessimistic. Minhal Nazeer, a sophomore at Georgetown, said that the professor's extension of the assignment deadline inadvertently gave her more time to review her coursework.

However, for many others, the incident highlights the increasing reliance of modern education on digital platforms. Canvas is now not just a place to submit assignments, but also plays a central role in storing documents, video lectures, grading, and connecting instructors with students.

You've just finished reading the article "Canvas hacked: Who are the ShinyHunters group?" edited by the TipsMake team. You can save canvas-hacked-who-are-the-shinyhunters-group.pdf to your computer here to read later or print it out. We hope this article has provided you with many useful tech tips and tricks. You can search for similar articles on tips and guides. Thank you for reading and for following us regularly.