On Tuesday, the education technology leader Instructure revealed a data breach in which hackers accessed students’ sensitive information, such as their names, personal email addresses, and communications exchanged between teachers and students. 

It seems that hackers have once again managed to infiltrate Instructure — this time defacing the login pages of multiple schools using the company’s Canvas platform, designed for schools to oversee coursework and assignments while communicating with students. 

TechCrunch observed a message from the cybercrime group ShinyHunters displayed on the Canvas login pages of three individual schools. An examination of the altered sites revealed that the hackers inserted an HTML file which modified the login interface to present their message.

The message indicates that the hackers plan to release the stolen information on May 12 if the company fails to “negotiate a settlement.”

At the time of this writing, Instructure’s website seemed to be partially operational, frequently returning a “too many requests” error. The Canvas portal issued a notice stating it was “currently undergoing scheduled maintenance.”

Instructure did not promptly respond to TechCrunch’s inquiry for a comment.

ShinyHunters had previously taken responsibility for the initial breach, advertising it on its leak site — a platform utilized by hackers to publish stolen data and coerce victims into paying ransoms — as a means to extort Instructure into paying to prevent the information from becoming public. This evident new breach, along with the hackers’ decision to inform TechCrunch about the defaced login pages, suggests that they are intensifying pressure on Instructure and its clients, aiming to compel them to acquiesce to the hackers’ demands.  

It remains uncertain how the hackers succeeded in compromising the login pages. When questioned, a representative from ShinyHunters informed TechCrunch that they could not provide specifics but noted that this constitutes a second, distinct breach.

Following the initial breach at Instructure, the hackers claimed to have pilfered data from nearly 9,000 schools globally, with the stolen files purportedly containing information on 231 million individuals. 

The group has affected countless victims over the past couple of years, adhering to the same financially incentivized strategy: hack, publicize, and extort.