Update: Sunday, May 3, 11:12 a.m.
Instructure reports that while the forensic investigation continues, their teams are taking precautionary steps in Canvas to ensure the security of the platform. The following actions may cause Canvas users to experience some disruption:
- Some application keys have been reissued, requiring users to reauthorize credentials for some tools or content. Reissued application keys contain a timestamp in the name and will be visible to users during re-authorization. These are valid Instructure created keys and users should continue the authorization process. Additional information is available on Instructure's Application Key Timestamp Notice.
- Some tools, including Canvas Data 2, Canvas Beta and Test, remain under maintenance.
- Some customers may be experiencing limited disruption to tools relying on API keys. The Instructure team is actively investigating and has taken precautionary steps to help maintain service stability while they work to restore full functionality.
This a vendor-driven national event affecting multiple institutions. UMass Amherst has not been notified if our campus was directly impacted by the incident. Updates from Instructure can be viewed on their status page: https://status.instructure.com/
UMass IT is continuing to actively monitor the incident and our Canvas administrators are testing usability impacts in our Canvas instance. We will continue to share updates as soon as they are available.
Please contact @email with any questions.
On Saturday, May 2 at 2:48 p.m. ET, UMass Amherst IT received the following email update from Instructure, the publisher of Canvas, regarding the cybersecurity incident.
While our investigation continues alongside our outside forensics experts, at this stage we believe the incident has been contained.
Here are the steps we have taken since we became aware of the incident. We have:
- Revoked privileged credentials and access tokens associated with affected systems
- Deployed patches to enhance system security
- Out of an abundance of caution, we rotated certain keys, even though there is no evidence they were misused
- Implemented increased monitoring across all platforms
While we continue actively investigating, thus far, indications are that the information involved consists of certain identifying information of users at affected institutions, such as names, email addresses, and student ID numbers, as well as messages among users. At this time, we have found no evidence that passwords, dates of birth, government identifiers, or financial information were involved. If that changes, we will notify any impacted institutions.
UMass IT will continue to monitor the issue and will share updates and information as we receive them. Updates will be posted on the UMass IT website.
This is a vendor-driven incident, affecting Canvas users beyond UMass Amherst. Updates from Instructure can be viewed on their status page: https://status.instructure.com/
Please contact [email protected] with any questions.
On Friday, May 1 at 6:46 p.m. ET, UMass Amherst IT received the following email notification from Instructure, the publisher of Canvas, about a cybersecurity incident.
Instructure recently experienced a cybersecurity incident perpetrated by a criminal threat actor. We are actively investigating this incident with the help of outside forensics experts. We are working quickly to understand the extent of the incident and actively taking steps to minimize its impact. Maintaining your trust is our highest priority, and we are committed to transparency throughout this process. We will provide new information as it is confirmed.
This is a vendor-driven incident and Instructure has not commented on the scope of the incident. UMass Amherst IT is monitoring the issue and will share updates and information as we receive them.
Updates from Instructure can be viewed on their status page: https://status.instructure.com/
Please contact @email with any questions.