Cybersecurity Girl Weekly Drop
Cyber news, tools & one smart career path.

Quick Reality Check
Instructure (the company behind Canvas) just paid ShinyHunters ransomware hackers millions to delete data on 75 million students and teachers. But if you think your info is safe now, we need to talk about how ransomware really works.
What happened:
Instructure confirmed the ransom payout after hackers stole sensitive data like Canvas messages, student IDs, and school emails from 75 million users. The group provided shred logs as proof of deletion, returned stolen files, and promised no customer extortion.
Why it matters:
When companies pay ransoms, they're funding the criminals to attack the next victim. Paying ransom is what experts like me call a business of hope. You're shelling out millions betting criminals honor their word, when they might have copied your data 10 times over before hitting delete. These groups run decentralized, so even if the main crew wipes it, rogue hackers who breached the system keep backups for phishing goldmines.
And that’s exactly why understanding how hackers find your information matters so much! On May 20, I’m working with Truman Kain and the Huntress research team for a real-life walk-through of how hackers find public information and break into accounts. Register here
60-Second Protection Fix
Here is what you can do right now to protect yourself if you use Canvas (or your kids do):
- Treat any “Canvas” or school-themed email as suspicious. Never click links in emails about your grades or financial aid; go directly to your school’s official portal instead. Hackers use stolen message context for convincing phishing.
- Check for active Canvas sessions and revoke any connected third-party apps or integrations you don’t recognize.
- Change your Canvas password immediately, especially if your school doesn’t use single sign-on.
- Check if your data is circulating. Use haveibeenpwned.com to monitor your email, and consider dark web monitoring services to see if your stolen data surfaces in criminal forums.
The hardest truth: once data is stolen, you can't fully stop attackers from using it. But you can make your accounts harder to breach and catch fraud faster. The layer you control now is authentication and vigilance.
Want a real-life walk-through of how hackers find your public information and break into your accounts?
On May 20th, I am working with Truman Kain and the Huntress research team to break down exactly how attackers find your public information and "break in". Trust me, you don't want to miss this! Register here
What You Missed This Week
Three things CISOs need to do differently in the AI era.
Are you doing any of these things wrong?
Which Security Agents & Features Actually Make Your Life Easier?!
My personal favorite is the phishing agent, which can automatically triage phishing cases and resolve false positives, often within seconds. Thanks, ServiceNow, for having me. I'm excited to see what you do next.
People are randomly losing access to their Instagram!
Some think it’s due to Instagram's new initiative to try to kick bot accounts off the platform, but there is a way to protect yourself just in case it happens to you. Here is what you need to do now
Should companies pay ransomware?
I sat down with Keelin Conant to talk about why paying ransom is a "capitalism issue" fueling criminal economies. Listen or watch it here
Let’s keep building together!
Stay protected,
Cybersecurity Girl
Know someone who’d enjoy this? Pass it along and have them sign up here! And if you have thoughts or feedback, just hit reply. I’d love to hear from you.



