Canvas, a cloud-based learning management platform used by thousands of schools and universities, is back up after it was disabled for hours May 7.
Northern Kentucky University, Kent State University were among the colleges across the United States where students couldn’t access their class material after a security incident resulted in a widespread outage. The incident disrupted classes, coursework and exams amid spring finals week for many schools.
The hacking group ShinyHunters claimed responsibility for the data breach at Instructure, the parent company and creator of the Canvas learning management system, according to an email sent to students from NKU and multiple news reports.
Here’s what we know:
Is Canvas back up?
“Canvas is fully back online and available for use,” Instructure said on its incident update page. Miami University said Canvas access returned, but some students were having difficulty logging in.
What is Canvas?
Canvas is an application that allows students and faculty to virtually upload assignments, grade coursework and complete exams.
Canvas has more than 30 million active users worldwide and over 8,000 institutions as customers, according to USA Today.
What happened with Canvas?
Hackers gained unauthorized access to Canvas by “exploiting an issue related to our Free-For-Teacher accounts,” Instructure said. Free-For-Teacher accounts have been temporarily shut down as a result, the company said.
The company first became aware of the hackers’ presence on April 29. On May 8, the same actor “made changes to the pages that appeared when some students and teachers were logged in through Canvas,” causing Instructure to take Canvas offline to investigate.
A group called ShinyHunters claimed responsibility for the hack, according to USA Today. It said that anyone who did not want their data released should contact the group before May 12.
A screenshot depicting a similar message was shared in the University of Cincinnati subreddit on May 7 with the caption “Anyone else seeing this? I can’t do anything on web or mobile.”
As of May 8, Instructure said it has found no evidence that “passwords, dates of birth, government identifiers, or financial information” were involved in the data breach. However, it said “names, email addresses, student ID numbers, and messages among Canvas users” were accessed by hackers.
Who are ShinyHunters?
ShinyHunters has a history of compromising global corporations, according to Reuters. In April, the hacking group said it had stolen nearly 80 million business records from video game developer Rockstar Games, the maker of Grand Theft Auto.
ShinyHunters said it had accessed data from over 275 million people — including students, teachers, and other staff — across nearly 9,000 schools worldwide, according to USA Today.
Schools respond to Canvas hack
The Cincinnati Public School district uses Canvas, according to spokesperson Joe Wessels. He said the district’s technology team is looking into what happened.
Miami University students lost access to Canvas late in the afternoon on May 7, according to a spokesperson. Access was restored by 6:30 a.m., though some users were still having trouble logging into Student ePortfolios.
Miami University did not answer whether it was concerned about student information being leaked.
The University of Cincinnati declined to say whether students and faculty still had Canvas access or whether it was concerned about a student information breach.
Northern Kentucky University and Xavier University did not respond to emails by the time of publication.
This article originally appeared on Cincinnati Enquirer: Canvas back up after ShinyHunters hack forced shutdown
Reporting by Matthew Cupelli, Cincinnati Enquirer / Cincinnati Enquirer
USA TODAY Network via Reuters Connect
