What we learned from the Canvas hack
Marketplace All-in-One
Marketplace
4.5 ā¢ 1.4K Ratings
šļø 20 May 2026
ā±ļø 7 minutes
šļø Recording | iTunes | RSS
š§¾ļø Download transcript
Summary
Earlier this month, a group called ShinyHunters took responsibility for a hack on the education platform Canvas, which is used for coursework at colleges. In a letter posted online, the group threatened to leak data it took from the platform, including billions of private messages between students and teachers. Canvas was also temporarily unavailable, disrupting studentsā ability to do their work.
Then, last week, Instructure, which makes Canvas, said it had reached a deal with the hackers, that the data had been returned and all copies destroyed. Marketplaceās Stephanie Hughes asked Rachel Tobac, CEO at Social Proof Security, what we know about the deal.
Transcript
Click on a timestamp to play from that location
| 0:00.0 | In a battle over stolen student data, did the hackers win? |
| 0:06.4 | From American Public Media, this is Marketplace Tech. |
| 0:09.1 | I'm Stephanie Hughes. |
| 0:19.6 | Earlier this month, a group called Shiny Hunters took responsibility for a hack on the education platform Canvas, which is used for coursework at colleges. In a letter posted to the site Ransomware. Live, which monitors these kinds of attacks, the group threatened to leak data it took from the platform, including billions of private messages between students and teachers. |
| 0:40.8 | Canvas was also temporarily unavailable, disrupting students' ability to do their work. |
| 0:46.7 | Then, last week, Instructure, which makes Canvas, said it had reached a deal with the hackers that the data had been returned and all copies destroyed. |
| 0:55.5 | I asked Rachel Tobak with the cybersecurity company Social Proof Security what we know about the deal. |
| 1:02.1 | We don't know for sure if they did pay the ransom, but if we speculate that they did, we think |
| 1:07.2 | the reason is probably because the attackers attacked during finals to inflict maximum pain. |
| 1:13.7 | And we know that a lot of these schools of those 8,800 schools did not have great backups, good options for communicating with students and teachers, doing grading, preparing for graduation, making sure that finals could be administered. |
| 1:29.6 | And so because of this maximum pain moment for so many of the schools that are affected, |
| 1:35.5 | I think they were probably convinced to pay a ransom, is my guess. |
| 1:40.1 | What sort of lessons do you take away from this? |
| 1:43.5 | Well, we know how shiny hunters thinks. |
| 1:46.8 | We know from previous breaches, which included AT&T in 2021 and 24, Ticketmaster, |
| 1:53.4 | Qantas, and Salesforce that they love to breach people over the phone. |
| 1:58.9 | They love to pretend to be IT staff. They love to call employees |
| 2:02.6 | saying, hey, we're updating our MFA. Go to this URL. Company name, sSO.com, or company name, |
| 2:08.6 | internal.com. Go ahead and put in your credentials and we'll get you all ready to go with the new |
| 2:13.9 | multi-factor authentication. And so if we look at the previous breaches, we can get an |
| 2:18.4 | understanding of maybe how this breach went down as well. Tell me more about how you think |
| 2:24.1 | companies can learn from this. Yeah, absolutely. So companies can protect themselves by making |
... |
Transcript will be available on the free plan in 14 days. Upgrade to see the full transcript now.
Disclaimer: The podcast and artwork embedded on this page are from Marketplace, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Marketplace and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright Ā© Tapesearch 2026.