ShinyHunters exploited Canvas's Free-For-Teacher account programme to exfiltrate 3.65 TB of data spanning approximately 275 million users across nearly 9,000 schools — names, email addresses, student IDs, and some private messages between students and teachers. Instructure reportedly paid the ransom and the data was destroyed.
- Victim
- Instructure (Canvas LMS)
- Loss
- $10.0M
- Records
- 275.0M
A threat cluster tracked as UNC5537 / ShinyHunters used credentials harvested by infostealer malware to log into ~160 Snowflake customer tenants that lacked MFA. Victims included AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, and Bausch Health. Ticketmaster alone exposed data for ~560 million users.
- Victim
- Snowflake customer tenants (~160 organisations: AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, Bausch Health, et al.)
- Records
- 560.0M