The ed-tech giant Instructure has acknowledged a data breach which ShinyHunters has claimed it carried out, having obtained 240 million+ records relating to students, teachers, and staff.
The breach allegedly included 240 million+ records including names, email addresses, course enrollment, and private messaging. The stolen data likely relates to approximately 15,000 institutions globally (North America, Europe, and Asia), making it one of the largest education sector breaches in history. Additionally, during finals season, the breach has caused intermittent downtime issues for the Canvas platform itself, impacting students directly. To date, Instructure has not publicly released a detailed account of the full extent of the breach.
Trellix discloses data breach after source code repository hack
Trellix is a cybersecurity firm created after McAfee Enterprise and FireEye merged in 2021, and is one of the top firms in the world of enterprise security. Unfortunately, Trellix has announced that unauthorised hackers accessed some of its source code repositories. Trellix confirmed that the hackers had access to its source code but could not confirm whether any customer data was removed or a ransom demand was made. There are also concerns over the security of its proprietary detection logic and internal tools. Trellix has told customers to stay calm until further notice.
Vimeo data breach exposes personal information of 119k people
Although last week's story about a possible Vimeo data breach is developing into something bigger, we can report today that Have I Been Pwned published a list of email addresses of nearly 120k people who were exposed in the breach. Although Vimeo said "user credentials and financial information were not breached," the company has refused to provide a clear explanation of exactly how the breach happened and what other types of data may have been at risk. As it stands, Vimeo is falling short when it comes to transparency surrounding the breach.
