Shinyhunters published a list of schools impacted by the Instructure breach.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 14:42:32 GMT

cr0w@infosec.exchange — Tue, 05 May 2026 14:42:32 GMT

@riverpunk https://discourse.ifin.network/t/canvas-on-again-off-again-incident/366/4

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 13:50:26 GMT

jackryder@infosec.exchange — Tue, 05 May 2026 13:50:26 GMT

@rootwyrm @scottwilson @cR0w

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 13:44:56 GMT

rootwyrm@weird.autos — Tue, 05 May 2026 13:44:56 GMT

@scottwilson @jackryder @cR0w it's fine, they can just get a new SSN and a new face every 6 months.

... oh wait.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 13:36:11 GMT

scottwilson@infosec.exchange — Tue, 05 May 2026 13:36:11 GMT

@jackryder @cR0w @rootwyrm Just speedrunning identity theft.

face-palm.gif

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 13:02:35 GMT

jackryder@infosec.exchange — Tue, 05 May 2026 13:02:35 GMT

@cR0w @rootwyrm @scottwilson think of the kids at hyper scale.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:58:44 GMT

cr0w@infosec.exchange — Tue, 05 May 2026 12:58:44 GMT

@jackryder @rootwyrm @scottwilson The amount of privacy decisions made by school districts on behalf of students and their parents is wild.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:57:23 GMT

jackryder@infosec.exchange — Tue, 05 May 2026 12:57:23 GMT

@cR0w @rootwyrm @scottwilson Kids don't have a choice in this. If they are actively hostile, they'll be sent to retraining.

At this point, school is absolutely online. They get issued laptops from the schools and have their accounts setup for them without their approval.

I can't imagine they'll have even half the chances we had to become obfuscated. By the time they learn multiplication tables, they've been logging in/out of cloud services for years.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:53:45 GMT

cr0w@infosec.exchange — Tue, 05 May 2026 12:53:45 GMT

@rootwyrm @jackryder @scottwilson I get that but with something like this, it's kids from K through college so there are understandably going to be a lot that don't get it. And the others whose parents are so tech bro that it'll take some work for them to learn how this shit actually works.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:52:13 GMT

rootwyrm@weird.autos — Tue, 05 May 2026 12:52:13 GMT

@cR0w @jackryder @scottwilson any kid that at this point, is not actively and openly hostile to all the technology bullshit is a lost cause in terms of education. And I mean all of it. Especially the hyper-invasive constant surveillance bullshit.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:51:30 GMT

cr0w@infosec.exchange — Tue, 05 May 2026 12:51:30 GMT

@jackryder @scottwilson And hopefully some Luddites too.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:51:03 GMT

jackryder@infosec.exchange — Tue, 05 May 2026 12:51:03 GMT

@cR0w @scottwilson silver linings!

And that one kid who sees what is happening and goes, "Wait... how does tha..." and then we get potential blue teamers!

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:50:01 GMT

cr0w@infosec.exchange — Tue, 05 May 2026 12:50:01 GMT

@jackryder @scottwilson Another way to look at that is kids in 6th grade are now ( hopefully ) learning they can't trust tech companies to protect them.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:40:40 GMT

jackryder@infosec.exchange — Tue, 05 May 2026 12:40:40 GMT

@cR0w @scottwilson And we all know how impervious to damage and inconvenience teens are.

The chaos and timing of this breach is like... almost perfect. As entrenched as kids are with tools like Google Drive, Canvas, etc. it doesn't shock me we have hits. We're trying to make kids in 6th grade carry the same level of responsibility as adults, who fail at it as well.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:37:51 GMT

cr0w@infosec.exchange — Tue, 05 May 2026 12:37:51 GMT

@jackryder @scottwilson Not only that, but how many of the kids actually manage their creds? That's work for them and their parents to try to get them back online if they force password resets or something.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:35:40 GMT

jackryder@infosec.exchange — Tue, 05 May 2026 12:35:40 GMT

@cR0w @scottwilson
"Yes, I know Mrs. Jones, your password is this. But we talked about that, right? You have to use a new one..."

right at the end of the year when grades are due...

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:34:38 GMT

jackryder@infosec.exchange — Tue, 05 May 2026 12:34:38 GMT

@cR0w @scottwilson In an article I was looking at it said they are revoking privileged keys for caution and reissuing some.

I'm curious how badly that is going to disrupt the teachers. I know some teachers are technical.

But we all have PTSD from having to explain tech to non-techs....

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:31:25 GMT

jackryder@infosec.exchange — Tue, 05 May 2026 12:31:25 GMT

@cR0w @scottwilson Same

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:31:01 GMT

jackryder@infosec.exchange — Tue, 05 May 2026 12:31:01 GMT

@cR0w wow, this is a big breach...

Canvas is used by everyone.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:30:46 GMT

cr0w@infosec.exchange — Tue, 05 May 2026 12:30:46 GMT

@scottwilson All of the schools around me are on there too.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:30:11 GMT

scottwilson@infosec.exchange — Tue, 05 May 2026 12:30:11 GMT

@cR0w Thanks for doing this. Of course, my kids’ schools are affected. Not shocked. First PowerSchools, now Canvas! #winning

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:28:49 GMT

huronbikes@cyberplace.social — Tue, 05 May 2026 12:28:49 GMT

@cR0w also read it initially as lowercase i infrastructure but of course it's the name of a software company.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:27:39 GMT

huronbikes@cyberplace.social — Tue, 05 May 2026 12:27:39 GMT

@cR0w welp.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:24:21 GMT

cr0w@infosec.exchange — Tue, 05 May 2026 12:24:21 GMT

@huronbikes Instructure is used all over the US. I don't know how far outside of that they're used but it's potentially a lot of data.

Reply to Shinyhunters published a list of schools impacted by the Instructure breach. on Tue, 05 May 2026 12:23:10 GMT

huronbikes@cyberplace.social — Tue, 05 May 2026 12:23:10 GMT

@cR0w the school district I went to growing up is in there and maybe I should be surprised but I also used to do IT work there so...