2026年5月7日 / 美国东部时间晚上11:40 / 哥伦比亚广播公司/美联社
周四,全美数千所中小学和高校使用的一套系统因网络攻击陷入停摆,给正在备考期末考试的学生造成混乱,也凸显了教育行业对科技的依赖。
网络安全公司埃米索夫特的威胁分析师卢克·康诺利表示,名为“赏金猎人”(ShinyHunters)的黑客组织宣称对学习管理系统Canvas的开发商Instructure遭遇的入侵事件负责。
哥伦比亚广播公司新闻已联系Instructure置评。周四深夜,Instructure在状态日志中宣布,Canvas“现已对大多数用户恢复可用”。
已报告遭遇攻击的高校包括宾夕法尼亚州立大学、威斯康星大学麦迪逊分校、哥伦比亚大学和新泽西联合学院。
加州多所学校报告因停摆陷入瘫痪,加州大学洛杉矶分校便是其中之一。
芝加哥地区受影响的学校还有西北大学、芝加哥大学、伊利诺伊大学芝加哥分校和伊利诺伊大学。
宾夕法尼亚州立大学在给学生的通知中表示,“所有人都无法访问”Canvas,且预计“未来24小时内无法解决问题”。该校称,原定于周四和周五在波洛克考试中心举行的所有考试均已取消。
哈佛大学校报报道称,该校的Canvas系统也出现故障。公立学区也试图安抚家长,华盛顿州斯波坎市的官员表示,他们“未意识到此次泄露事件中存在任何敏感数据”。
康诺利称,Canvas被用于管理成绩、课程笔记、作业、讲座视频等。该黑客组织在网上宣称,全球近9000所学校受到影响,数十亿条私人消息和其他记录已被窃取。
他提供的截图显示,该组织已于周日开始威胁泄露这批数据,并设定了周四和5月12日两个截止期限。康诺利表示,较晚的截止日期表明,有关勒索付款的谈判可能仍在进行中。
美国学校坐拥海量数字化数据,因此成为遍布全球的犯罪黑客的主要目标。这些黑客正孜孜不倦地搜寻并窃取敏感文件,而这些文件不久前还被锁在档案柜的纸质文件中。此前的攻击事件曾波及明尼阿波利斯公立学校和洛杉矶联合学区。
Instructure尚未在其社交媒体上就此次攻击事件发表声明。
康诺利称,此次Canvas攻击事件与提供学习管理工具的PowerSchool遭遇的入侵极为相似。在那起案件中,一名马萨诸塞州的大学生已被起诉。
康诺利将“赏金猎人”组织描述为以美国和英国为基地的青少年和年轻人松散联盟。该组织还与其他多起攻击事件有关联,其中包括针对现场娱乐公司Live Nation旗下子公司Ticketmaster的攻击。
Cyberattack shutters Canvas learning platform for schools across the U.S.
May 7, 2026 / 11:40 PM EDT / CBS/AP
A system that thousands of schools and universities use was offline Thursday due to a cyberattack, creating chaos as students tried to study for finals and underscoring education’s dependence on technology.
The hacking group named ShinyHunters claimed responsibility for the breach at Instructure, the company behind the learning management system Canvas, said Luke Connolly, a threat analyst at the cybersecurity firm Emisoft.
CBS News has reached out to Instructure for comment. Late Thursday night, Instructure posted to a status log that Canvas was “now available for most users.”
Some of the universities that have reported being targeted include Penn State, the University of Wisconsin-Madison, Columbia University and Union College New Jersey.
UCLA was among several California schools that reported being crippled by the outage.
Also impacted in the Chicago area were Northwestern University, the University of Chicago, the University of Illinois Chicago and the University of Illinois.
In a message to students, Penn State said that “no one has access” to Canvas, and a “resolution” was not expected “within the next 24 hours.”
The school said all tests scheduled for Thursday and Friday in its Pollock Testing Center were canceled.
The student newspaper at Harvard reported that the system was down there, too. And public school districts also sought to reassure parents, with officials in Spokane, Washington, writing that they aren’t “aware of any sensitive data contained in this breach.”
Canvas is used to manage grades, course notes, assignments, lecture videos and more. The hacking group posted online that nearly 9,000 schools worldwide were affected, with billions of private messages and other records accessed, Connolly said.
Screenshots he provided showed that the group began threatening to leak the trove of data on Sunday, setting deadlines of Thursday and May 12. Connolly said the later date indicates that discussions regarding extortion payments may be ongoing.
Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. Past attacks have hit Minneapolis Public Schools and the Los Angeles Unified School District.
Instructure has not posted about the attack on its social media.
Connolly said the Canvas attack is strikingly similar to a breach at PowerSchool, which also offers learning management tools. In that case, a Massachusetts college student was charged.
Connolly described ShinyHunters as a loose affiliation of teenagers and young adults based in the U.S. and the United Kingdom. The group also has been tied to other attacks, including one aimed at Live Nation’s Ticketmaster subsidiary.
发表回复