Hackers Deface School Login Pages in New Instructure Attack

Hackers Deface School Login Pages in New Instructure Attack

The cybercrime group ShinyHunters has claimed responsibility for another breach targeting Instructure, the educational technology platform used by schools worldwide. The attackers defaced login pages at multiple schools with extortion messages.

Technology

Cybersecurity researchers have confirmed that ShinyHunters, a known cybercrime group, has targeted Instructure once again in what appears to be a coordinated attack on the widely-used educational software platform. The breach resulted in unauthorized modifications to login pages across several Instructure customer institutions, with attackers inserting extortion demands visible to users attempting to access their accounts.

Instructure, which provides learning management systems to educational institutions globally, has become an increasingly attractive target for cybercriminals seeking to exploit the sensitive data stored within school systems. The defaced login pages served as a visible demonstration of the attackers' access, a tactic commonly used by threat actors to pressure organizations into paying ransom demands.

The incident marks another chapter in ShinyHunters' history of targeting educational and enterprise platforms. The group has previously claimed responsibility for breaches affecting multiple major technology companies and service providers. School administrators were advised to verify the legitimacy of any communications they received regarding the breach and to monitor accounts for unauthorized access.

Instructure has not yet released an official statement regarding the scope of the breach or the number of affected institutions. Security experts recommend that schools using the platform implement additional verification steps for user logins and monitor for suspicious account activity. The company typically works with affected customers on remediation efforts following such incidents.

Open in app →