Canvas back online after cyberattack shuttered learning platform for schools across U.S.
A system that thousands of schools and universities use was offline Thursday due to a cyberattack, creating chaos as students tried to study for finals and underscoring education's dependence on technology. The learning management system Canvas was back online Friday and available for most users, according to the company behind the system.
The hacking group named ShinyHunters claimed responsibility for the breach at Instructure, the company behind Canvas, said Luke Connolly, a threat analyst at the cybersecurity firm Emisoft.
In a statement to CBS News on Friday, Instructure said the company took Canvas offline after learning that hackers had "made changes to the pages that appeared when some students and teachers were logged in."
The hackers exploited an issue linked to its Free-For-Teacher accounts, the company said.
"As a result, we have made the difficult decision to temporarily shut down our Free-For-Teacher accounts," the company said. "This gives us the confidence to restore access to Canvas, which is now fully back online and available for use. We regret the inconvenience and concern this may have caused."
Canvas went down at the worst possible time. Students quickly took to social media, with many panicking that they could no longer view course materials housed within the platform to study for their final exams.
Teachers said they were having to find workarounds to help students study for exams and submit final assignments. And some schools, such as the University of Texas at San Antonio, announced they were pushing back finals scheduled for Friday in response to the outage.
Some of the universities that reported being affected include Penn State, the University of Wisconsin-Madison, Columbia University and Union College New Jersey.
UCLA was among several California schools that reported being crippled by the outage.
Also impacted in the Chicago area were Northwestern University, the University of Chicago, the University of Illinois Chicago and the University of Illinois.
In a message to students, Penn State said all tests scheduled for Thursday and Friday in its Pollock Testing Center were canceled.
The student newspaper at Harvard reported that the system was down there, too. And public school districts also sought to reassure parents, with officials in Spokane, Washington, writing that they aren't "aware of any sensitive data contained in this breach."
Canvas is used to manage grades, course notes, assignments, lecture videos and more. The hacking group posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records accessed, Connolly said.
Screenshots he provided showed that the group began threatening to leak the trove of data on Sunday, setting deadlines of Thursday and May 12. Connolly said the later date indicates that discussions regarding extortion payments may be ongoing.
By Friday, Instructure and Canvas had been removed from a dedicated leak site created by the ransomware group on the dark web to publish stolen data.
Rich in digitized data, the nation's schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. Past attacks have hit Minneapolis Public Schools and the Los Angeles Unified School District.
Connolly said the Canvas attack is strikingly similar to a breach at PowerSchool, which also offers learning management tools. In that case, a Massachusetts college student was charged.
Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including one aimed at Live Nation's Ticketmaster subsidiary.
