2026年5月12日 / 美国东部时间上午10:23 / 哥伦比亚广播公司/美联社报道
运营在线学习系统Canvas的公司表示,已与黑客达成协议,将其在一次网络攻击中窃取的数据删除。此次攻击给学生们造成了混乱,其中许多人正处于期末考试阶段。
Canvas的母公司Instructure在一篇在线帖子中表示,其“已与此次事件中的未授权行为人达成协议”。
该公司未透露协议的任何细节,包括是否涉及付款,也未详细说明此次黑客攻击的幕后人员。Instructure在调查期间暂时下线了该系统,将学生和教职员工拒之门外。
Instructure首席执行官史蒂夫·戴利也就此次攻击发布了道歉声明。
“你们理应从我们这里获得更连贯的沟通,而我们未能做到,”戴利说道。“对此我深表歉意。”
一个名为ShinyHunters的黑客组织宣称对上周的数据泄露事件负责,并威胁称,如果各学校不在5月6日前支付赎金,就将泄露涉及全球近9000所学校和2.75亿个人的数据。该组织随后延长了最后期限,并表示部分学校已与其接触进行谈判。
作为协议的一部分,被盗数据已返还给Instructure。该公司周一表示,还收到了黑客销毁所有剩余副本的“数字确认”,形式为“销毁日志”。
该公司承认,无法确保数据被永久删除,并表示之所以采取这一行动,是因为担心数据可能被公开。
“Instructure方面表示:“虽然与网络犯罪分子打交道时永远无法百分百确定,但我们认为,尽我们所能采取一切可控措施,为客户提供额外的安心,这一点很重要。”
Instructure首席信息安全官史蒂夫·普劳德本月早些时候表示,此次数据泄露涉及Canvas平台上的学生ID号、电子邮件地址、姓名和私信。该公司表示,未发现密码、出生日期、政府身份证件或财务信息遭到泄露的证据。
该公司表示,正与“专业供应商”合作进行取证分析,“进一步强化”其系统,并对“涉及的数据进行全面审查”。
上周,学生和教职员工被锁在这个他们用于管理成绩、查阅课程笔记和作业的平台之外,此次停摆引发了恐慌。
各级学校和大学几乎使用Canvas来管理教学的所有环节。该平台兼具成绩册、数字讲座和课程资料中心、课堂项目讨论论坛以及师生之间的消息平台等多种功能。
部分课程还会在该平台上进行测验和考试,或是将其作为最终项目和论文按时提交的门户。
Canvas’ parent company strikes deal with hackers to delete data stolen from educational platform
May 12, 2026 / 10:23 AM EDT / CBS/AP
The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of finals.
Instructure, the parent company of Canvas, said in an online post that it “reached an agreement with the unauthorized actor involved in this incident.”
The company didn’t provide any details on the agreement, including whether it involved a payment, and didn’t elaborate who was behind the hack. Instructure temporarily took the system offline while it investigated, locking out students and faculty.
Instructure CEO Steve Daly also posted an apology about the attack.
“You deserved more consistent communication from us, and we didn’t deliver it,” Daly said. “I’m sorry for that.”
A hacking group named ShinyHunters claimed responsibility for last week’s breach, threatening to leak data involving nearly 9,000 schools worldwide and 275 million individuals if schools did not pay a ransom by May 6. The group then extended the deadline, indicating some schools had engaged with them to negotiate.
As part of the deal, the data was returned to Instructure. The company said Monday it also received “digital confirmation” the hackers destroyed any remaining copies, in the form of “shred logs.”
The company acknowledged there was no way to be sure the data was erased for good, and said it took action because of concerns about potential publication of the data.
“While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,” Instructure said.
The data breach appeared to involve student ID numbers, email addresses, names and messages on the Canvas platform, Instructure’s chief information security officer, Steve Proud, said earlier this month. The company found no evidence that passwords, dates of birth, government identification or financial information were compromised, it said.
The company said it was working with “expert vendors” to do a forensic analysis, “further harden” its systems, and carry out a “comprehensive review of the data involved.”
The disruption caused panic last week among students and faculty members when they were locked out of a platform they rely on to manage grades and access course notes and assignments.
Schools and universities use Canvas to manage nearly all aspects of instruction. The platform acts as a gradebook, a hub for digital lectures and course materials, a discussion board for classroom projects, and a messaging platform between students and instructors.
Some courses also give quizzes and exams on the platform, or use it as a portal where final projects and papers are submitted on deadline.
发表回复