Instructure, the company that operates Canvas, has confirmed that it addressed the incident directly.
-
Instructure, the company that operates Canvas, has confirmed that it addressed the incident directly. Based on the information they have shared, the data involved was returned to Instructure. They also received assurances that the data will not be further shared and confirmation that any copies were deleted. Instructure has stated that no schools or districts will be extorted as a result of this incident.
@cR0w the terminator : 'i'll be back'
actually, wait, i'm still here
(brain:
s/Free-for-T/hot for t/g) -
@cR0w oh ffs... they paid a ransom?
-
@cR0w I'll never understand this logic. "How do you know the morally bankrupt cybercriminals actually got rid of your data?"
"They gave us a receipt."
Yeah...sure...
@rossmadness @cR0w It turns out that seeing a way to pretend to solve your problem by spending other people's money and letting other people bear the ongoing risk just gives you a warm feeling of childish trust.
Plus, when you are lawful evil seeing chaotic evil probably just reminds you of your carefree younger days; when you would have been frolicking on the intertubes not being a saashole who has to do earnings calls.
-
@cR0w@infosec.exchange So... Instructure will be on the hook if it does happen? I'm not sure how exactly this works on the legal side.
@phil IDK how it works either but I highly doubt they will be held responsible.
-
@phil IDK how it works either but I highly doubt they will be held responsible.
@cR0w@infosec.exchange Sad. There is a definite deficit of accountability.
-
@cR0w the terminator : 'i'll be back'
actually, wait, i'm still here
(brain:
s/Free-for-T/hot for t/g) -
@cR0w@infosec.exchange Sad. There is a definite deficit of accountability.
@phil Isn't that the whole point of becoming a publicly traded company in America? It sure seems that way.
-
@rossmadness @cR0w but but but... their business relies on being trustworthy! They need to, otherwise the industry suffers! And no one would ever act against their industries interest! All the cybertalkingheads told me!!!
@nyanbinary @cR0w I was discussing the Instructure hack with a friend who works for a school district and he stated that almost exactly. I told him that yes, that makes sense if we believe they care about "organization reputation" in the same economic incentive driven context as a regular business. Which I highly doubt. But let's assume they do follow this logic.
What keeps them from selling a copy quietly to another criminal and then THAT criminal actions the data somewhere else without directly saying "Instructure". TAs double dip and keep their "reputation" intact.
-
Instructure, the company that operates Canvas, has confirmed that it addressed the incident directly. Based on the information they have shared, the data involved was returned to Instructure. They also received assurances that the data will not be further shared and confirmation that any copies were deleted. Instructure has stated that no schools or districts will be extorted as a result of this incident.
@cR0w The amount of comfort this provides me is *immeasurable.
* It's zero. The number is zero.
-
@cR0w the terminator : 'i'll be back'
actually, wait, i'm still here
(brain:
s/Free-for-T/hot for t/g)"Our offering was leveraged by an unauthorized actor in their activity."
I don't think even CNN could come out with a voice that passive. Dude had to completely mangle the semantic structure of that sentence just to thread the needle between the obvious truth, and a lie blatant enough to be visible from the moon.
Hey Steve, go apologise to your high school English teacher.
-
Instructure, the company that operates Canvas, has confirmed that it addressed the incident directly. Based on the information they have shared, the data involved was returned to Instructure. They also received assurances that the data will not be further shared and confirmation that any copies were deleted. Instructure has stated that no schools or districts will be extorted as a result of this incident.
@cR0w Gotta feel the seal on the certificate of deletion. If you can't detect the embossed edge around it, the seal is a forgery. That means the adversary did not pinky swear before the registrar of deleted hacks. Which only costs, like, $18. If they didn't spring for that, they definitely must be lying.
-
@cR0w the terminator : 'i'll be back'
actually, wait, i'm still here
(brain:
s/Free-for-T/hot for t/g) -
R relay@relay.infosec.exchange shared this topic
