Rutgers Freshman Vincent Piliggi, 18, was studying in the library on campus. The library was packed with students being the week of final exams. Suddenly, everyone started getting up. Everyone was leaving. Confused, Vincent looked around stunned, and then looked back at his computer. The system that was used by thousands to submit work, had just been hacked.
Canvas, by Instructure, is a massive platform that is used by many universities around the world. Professors use Canvas to post different forms of instruction, create assignments, and communicate with students personally. On the other hand, students primarily use Canvas to submit work and study for various exams or tests. Since the mid-2010s, Canvas has stood as a huge tool for universities.
On April 29, millions of emails, student IDs, and other forms of personal data were leaked after the hacking group ShinyHunters breached the company’s database. But on May 7, the platform was hacked again by the popular hacking group. This hack was the second by the group on Canvas within a few weeks.
The second hack was a little different. Instead of grabbing the student data and running, the group decided to hold the data hostage. ShinyHunters stated that if they did not receive the ransom money that they requested, they would leak even more student data.
“I mean it really interrupted my studying,” Pileggi said when he first learned about the hack.
Pileggi explained that he was told to refresh Canvas, and when he did, he figured out why everyone was getting up and leaving. Many students began to laugh, but he couldn’t believe what just happened.
“Personally, this hack also affected me,” he confessed.
“I had to email professors about a few assignments because there was no way for me to submit them. I and many others were worried that professors might not accept the work if it was late. Even though Canvas went down, some strict professors might not care and expect the work to have been done already. Thankfully, my professors understood the situation, and were very lenient with the assignments,” he continued.
Although unfortunate, this hack was very well timed from the cyber criminal’s perspective. For many universities this was during finals week. This means that it was already a stressful week for everyone. Canvas could not afford for their platform to go down during such an important time, so they paid the ransom that ShinyHunters requested. The amount, while unknown, is likely many millions of dollars.
ShinyHunters took yet another unique approach to criminality. Instead of just making ransom demands from Canvas behind the scenes, they tried to enlist students from the university into pressuring Canvas to pay the ransom. There is no clear data on how many people saw this hacking message and spoke or acted out, but using the collective power of thousands of students and faculty to help bring things back to normal by quickly paying a ransom demand is unique if not downright underhanded.
Finally, on May 11, Instructure CEO Steve Daly announced that Canvas was back up and running. He stated that they reached an agreement with the hackers, ensuring that no data was leaked and that Canvas was back online and fully operational.
Overall, this hack can be viewed as one of the most monumental in history. It affected thousands of schools that have access to tons of student data. Paying the ransom must have been a difficult decision, but since it was finals week, many students truly needed to access Canvas. There was no time to negotiate.
Technology is growing everyday. Hackers today are getting smarter and sometimes it seems like there is nothing you can do to stop them. However, there are still things you can do. Change your passwords often, do not open messages or emails from unrecognized numbers or emails, do not publish personal information on social media, and more. Being safe online is still possible, you just have to do it the right way.
Leave a Reply