Edtech giant Instructure was hacked (twice) — and finally put up a security incident page after the mass-defacement of Canvas school login pages.
-
Edtech giant Instructure was hacked (twice) — and finally put up a security incident page after the mass-defacement of Canvas school login pages.
But you might not find the page because right now it has a "noindex" tag in the page's HTML code, which prevents it from being listed in search results.
The page is here, FYI: https://www.instructure.com/incident_update
-
Edtech giant Instructure was hacked (twice) — and finally put up a security incident page after the mass-defacement of Canvas school login pages.
But you might not find the page because right now it has a "noindex" tag in the page's HTML code, which prevents it from being listed in search results.
The page is here, FYI: https://www.instructure.com/incident_update
@zackwhittaker My favorite part is that several school districts migrated from PowerSchool to Canvas because the former* was hacked.
-
Edtech giant Instructure was hacked (twice) — and finally put up a security incident page after the mass-defacement of Canvas school login pages.
But you might not find the page because right now it has a "noindex" tag in the page's HTML code, which prevents it from being listed in search results.
The page is here, FYI: https://www.instructure.com/incident_update
@zackwhittaker smells fishy....
-
Edtech giant Instructure was hacked (twice) — and finally put up a security incident page after the mass-defacement of Canvas school login pages.
But you might not find the page because right now it has a "noindex" tag in the page's HTML code, which prevents it from being listed in search results.
The page is here, FYI: https://www.instructure.com/incident_update
@zackwhittaker They were hacked 3 times. Once in Sept 2025, Once around April 30th, and again May 7th.
-
Edtech giant Instructure was hacked (twice) — and finally put up a security incident page after the mass-defacement of Canvas school login pages.
But you might not find the page because right now it has a "noindex" tag in the page's HTML code, which prevents it from being listed in search results.
The page is here, FYI: https://www.instructure.com/incident_update
-
Edtech giant Instructure was hacked (twice) — and finally put up a security incident page after the mass-defacement of Canvas school login pages.
But you might not find the page because right now it has a "noindex" tag in the page's HTML code, which prevents it from being listed in search results.
The page is here, FYI: https://www.instructure.com/incident_update
@zackwhittaker and wildly, this will probably be the only time a meta tag actually works
-
Edtech giant Instructure was hacked (twice) — and finally put up a security incident page after the mass-defacement of Canvas school login pages.
But you might not find the page because right now it has a "noindex" tag in the page's HTML code, which prevents it from being listed in search results.
The page is here, FYI: https://www.instructure.com/incident_update
@zackwhittaker
I like the misleading FAQ about data being taken and the answer narrows the scope drastically in hopes you didn't catch what they did -
Edtech giant Instructure was hacked (twice) — and finally put up a security incident page after the mass-defacement of Canvas school login pages.
But you might not find the page because right now it has a "noindex" tag in the page's HTML code, which prevents it from being listed in search results.
The page is here, FYI: https://www.instructure.com/incident_update
@zackwhittaker oh FFS - thanks for flagging the noindex
-
Edtech giant Instructure was hacked (twice) — and finally put up a security incident page after the mass-defacement of Canvas school login pages.
But you might not find the page because right now it has a "noindex" tag in the page's HTML code, which prevents it from being listed in search results.
The page is here, FYI: https://www.instructure.com/incident_update
@zackwhittaker Have already had schools reaching out to say, "But no financial information was accessed," when, at least where I am, we've never entered any financial information into Canvas.
I'm more concerned about all the other back-end personal data loaded into Canvas from elsewhere that can't be changed with a phonecall to a bank.
-
E em0nm4stodon@infosec.exchange shared this topic
