Hackers deface school login pages after claiming another Instructure hack
Hackers deface school login pages after claiming another Instructure hack
黑客在声称对 Instructure 发起另一次攻击后,篡改了学校登录页面
On Tuesday, education tech giant Instructure disclosed a data breach where hackers stole students’ private information, including their names, personal email addresses, and messages sent between teachers and students. 周二,教育科技巨头 Instructure 披露了一起数据泄露事件,黑客窃取了学生的私人信息,包括姓名、个人电子邮箱地址以及师生之间的往来信息。
Now, it appears hackers were able to compromise Instructure again — this time defacing several schools’ login pages to the company’s platform Canvas, which allows schools to manage coursework and assignments and communicate with students. 现在看来,黑客再次攻破了 Instructure 的系统——这一次,他们篡改了多所学校的 Canvas 平台登录页面。Canvas 是该公司旗下的平台,供学校管理课程、作业并与学生进行沟通。
TechCrunch saw a message published by the cybercrime group ShinyHunters on the Canvas login pages of three separate schools. A review of the defaced portals shows that the hackers injected an HTML file that altered the login screens to display their message. TechCrunch 在三所不同学校的 Canvas 登录页面上看到了网络犯罪组织 ShinyHunters 发布的信息。经检查,这些被篡改的门户网站显示,黑客注入了一个 HTML 文件,修改了登录界面以显示他们的留言。
The message says the hackers will publish the stolen data on May 12 if the company does not “negotiate a settlement.” At the time of writing, Instructure’s website appeared to be partially online, at times returning a “too many requests” error. The company’s Canvas portal displayed a notice saying it was “currently undergoing scheduled maintenance.” Instructure did not immediately respond to TechCrunch’s request for comment. 该信息称,如果公司不进行“谈判达成和解”,黑客将于 5 月 12 日公布窃取的数据。截至发稿时,Instructure 的网站似乎处于部分在线状态,有时会返回“请求过多”的错误。该公司的 Canvas 门户网站则显示一则通知,称其“目前正在进行例行维护”。Instructure 未能立即回应 TechCrunch 的置评请求。
ShinyHunters had previously claimed responsibility for the original hack, publicizing it on its leak site — a website hackers use to publish stolen data and pressure victims into paying ransoms — in an effort to extort Instructure into paying to keep the data from going public. ShinyHunters 此前曾声称对最初的黑客攻击负责,并在其泄露网站上进行了公开——黑客利用该网站发布窃取的数据,并以此向受害者施压要求支付赎金——试图勒索 Instructure 付款以阻止数据公开。
This apparent new hack, along with the fact that hackers chose to notify TechCrunch about the defaced login pages, indicate that the hackers are trying to ramp up pressure on Instructure and its customers, hoping to force them to cave to the hackers’ demands. 这次明显的二次攻击,加上黑客选择通知 TechCrunch 关于登录页面被篡改的事实,表明黑客正试图加大对 Instructure 及其客户的压力,希望迫使他们屈服于黑客的要求。
It’s unclear how the hackers were able to compromise the login pages. When asked, a member of ShinyHunters told TechCrunch that they couldn’t comment on specifics, but said this is a second, separate breach. 目前尚不清楚黑客是如何攻破这些登录页面的。当被问及此事时,ShinyHunters 的一名成员告诉 TechCrunch,他们无法评论具体细节,但表示这是第二次独立的入侵事件。
Following the original breach at Instructure, the hackers claimed to have stolen data from almost 9,000 schools around the world, with the stolen files allegedly containing information on 231 million people. The group has compromised countless victims over the last couple of years, following the same financially motivated playbook: hack, publicize, and extort. 在 Instructure 最初的泄露事件后,黑客声称已从全球近 9,000 所学校窃取了数据,被盗文件据称包含 2.31 亿人的信息。过去几年里,该组织已导致无数受害者受损,其遵循的都是同样的经济动机套路:入侵、公开、勒索。