On Thursday at approximately 1:02 p.m., a digital criminal extortion group under the name ShinyHunters hacked Instructure, the parent company of Canvas learning management system. 

The group suspended the UC San Diego Canvas platform, as well as the Canvas platforms of 9,000 other universities globally, according to a document by ShinyHunters. The breach impacted universities such as Harvard, Duke, the Massachusetts Institute of Technology, and the entire University of California system. 

ShinyHunters blocked access to the platform and displayed a message threatening the release of any data stored on the platform, potentially including the personal information and private messages of students and staff. 

“If any of the schools in the affected list are interested in preventing the release of their data,” the group recommended schools consult a cyber advisory firm to contact ShinyHunters via TOX, a dark web ransomware service, “to negotiate a settlement.” 

According to ShinyHunters, universities have until the end of day Tuesday to “contact [them] privately” before “everything is leaked.” The black-hat criminal group extended the same demand to Instructure, according to The Daily Californian.

The group’s activity did not initially affect the Canvas mobile app. At approximately 1:46 p.m., the app went down, displaying a Canvas-automated message indicating an error when logging in. As of 6 p.m., the Canvas website no longer displays the group’s message and instead states, “Canvas is currently undergoing scheduled maintenance.” The Canvas app now states, “Oops, something went wrong. There was an error while logging you in. You can try again, or come back a bit later.”

At 2:45 p.m., the office of the executive vice chancellor and the office of the chief information officer sent a schoolwide email acknowledging the disruption. The email asked students and staff to stop attempting to access Canvas until they received further updates; it advised those in the system to close out of the browser completely.

“We recognize that this disruption will affect academic programs,” the statement read. “Students should wait for instructions from their instructors on temporary measures for submitting course assignments and accessing materials until this situation can be resolved. Updates will be provided to the campus as more information becomes available.”

The group originally breached Canvas Instructure the previous Friday, May 1. In a status update published the next day, Instructure confirmed that ShinyHunters gained access to names, email addresses, student ID numbers, and messages shared within Canvas and Canvas Beta. 

The extent of the compromised information at UCSD is unknown. In a statement to The Daily Californian, ShinyHunters claimed to have stolen more than 600,000 UC Berkeley student and staff records. 

ShinyHunters have previously claimed credit for extorting other organizations such as Mathway, PowerSchool, Microsoft, AT&T on two separate occasions, Google, and several other corporations and websites.

The UCSD Guardian reached out to University Communications for further information but did not receive a response.

Infrastructure released a public statement on its website regarding the breach. 

“This incident involved unauthorized access to part of our environment,” the statement read. 

The statement also acknowledged Instructure’s lack of communication on the issue. 

“Last week, we made a call to get the facts right before speaking publicly,” the statement read. “That instinct isn’t wrong, but we got the balance wrong. We focused on fact-finding and went quiet when you needed consistent updates.”

As of this article’s publishing, neither the University nor Instructure have addressed the group’s threat to leak the data without ransom payment. This is an ongoing story; The Guardian will provide updates as the situation unfolds.