Cybersecurity officals warn Canvas users about subsequent attacks from hackers

已複製連結

Hong Kong cybersecurity officials on Monday remind local Canvas users to beware of phishing attacks. This comes after a hacker group attacked the US-owned learning management system and leaked the data of millions of users last week.

Canvas is a cloud system used by students and teachers across the world to manage assignments, course notes and grades. The breach is estimated to have affected about 9,000 global education institutions, including five in Hong Kong.

The hacker group ShinyHunters claimed responsibility for the data breach after the incident and set a negotiation deadline of May 12th for Instructure, the parent company of Canvas. The group threatened to leak the stolen data if Instructure ignored the deadline.

While reports say Canvas has resumed service, the Hong Kong Computer Emergency Response Team Coordination Centre said affected institutions and individuals should remain cautious. The centre said hackers may attack Canvas users with phishing links.

Edmond Lai, Chief Digital Officer of HKPC said "We actually don't know what the hackers have obtained in terms of what they can do with the system. I think the special concern is on anything that you received, whether it's an email, a text message or whatsoever. You have to pay extra attention, especially if it contains any link, you need to double check the code behind that link to see if it's really directing (you) to the system or not."

The centre added the Canvas hacking could serve as a reminder for companies and institutions that risks come when you depend on third-party cloud services.