Instructure, the company that operates Canvas, has confirmed that it addressed the incident directly.
-
@cR0w@infosec.exchange Sad. There is a definite deficit of accountability.
@phil Isn't that the whole point of becoming a publicly traded company in America? It sure seems that way.
-
@rossmadness @cR0w but but but... their business relies on being trustworthy! They need to, otherwise the industry suffers! And no one would ever act against their industries interest! All the cybertalkingheads told me!!!
@nyanbinary @cR0w I was discussing the Instructure hack with a friend who works for a school district and he stated that almost exactly. I told him that yes, that makes sense if we believe they care about "organization reputation" in the same economic incentive driven context as a regular business. Which I highly doubt. But let's assume they do follow this logic.
What keeps them from selling a copy quietly to another criminal and then THAT criminal actions the data somewhere else without directly saying "Instructure". TAs double dip and keep their "reputation" intact.
-
Instructure, the company that operates Canvas, has confirmed that it addressed the incident directly. Based on the information they have shared, the data involved was returned to Instructure. They also received assurances that the data will not be further shared and confirmation that any copies were deleted. Instructure has stated that no schools or districts will be extorted as a result of this incident.
@cR0w The amount of comfort this provides me is *immeasurable.
* It's zero. The number is zero.
-
@cR0w the terminator : 'i'll be back'
actually, wait, i'm still here
(brain:
s/Free-for-T/hot for t/g)
"Our offering was leveraged by an unauthorized actor in their activity."
I don't think even CNN could come out with a voice that passive. Dude had to completely mangle the semantic structure of that sentence just to thread the needle between the obvious truth, and a lie blatant enough to be visible from the moon.
Hey Steve, go apologise to your high school English teacher.
-
Instructure, the company that operates Canvas, has confirmed that it addressed the incident directly. Based on the information they have shared, the data involved was returned to Instructure. They also received assurances that the data will not be further shared and confirmation that any copies were deleted. Instructure has stated that no schools or districts will be extorted as a result of this incident.
@cR0w Gotta feel the seal on the certificate of deletion. If you can't detect the embossed edge around it, the seal is a forgery. That means the adversary did not pinky swear before the registrar of deleted hacks. Which only costs, like, $18. If they didn't spring for that, they definitely must be lying.
-
@cR0w the terminator : 'i'll be back'
actually, wait, i'm still here
(brain:
s/Free-for-T/hot for t/g) -
R relay@relay.infosec.exchange shared this topic
