Overview
- ShinyHunters, which listed Instructure on its leak site Sunday, claims it stole 3.65 terabytes of data tied to roughly 275 million people at nearly 9,000 institutions and says Instructure’s Salesforce system was also breached, though none of these claims have been independently verified.
- Instructure says exposed data includes names, email addresses, student ID numbers, and private messages, and it reports no evidence so far of stolen passwords, birth dates, government IDs, or financial information.
- The company is working with outside forensic firms and law enforcement to determine the scope of the intrusion and what systems were accessed.
- Instructure deployed fixes, revoked privileged credentials and access tokens, rotated application and API keys, and required customers to re-authorize API connections, while also increasing monitoring across its platforms.
- The incident caused disruptions to tools that relied on API keys after Thursday’s disclosure on April 30, and access to the Canvas Data 2 service was largely restored by Sunday, May 3, as the investigation and remediation continued.