Schools and universities across the country are recovering from an outage that knocked down Canvas, an online platform that manages exams, course notes, lecture videos and grades.
The cyberattack hit Sacramento State along with several other area colleges at a time when students are preparing for finals and the end of the year.
The hacking group ShinyHunters claimed responsibility for the breach, said Luke Connolly, a threat analyst at the cybersecurity firm Emsisoft. On Friday, Instructure and Canvas no longer appeared on a site where ShinyHunters lists its targets.
Sac State, however, continued to block students and teachers from accessing Canvas on Friday, citing an abundance of caution while assessing security threats.
Finneas Brumbaugh is a four-year student and News and DEI editor at the campus newspaper the State Hornet. He’s been covering the cyberattacks that occurred and joined CapRadio’s Keyshawn Davis to talk about the timeline and impacts of the hack.
*Editor’s Note: This interview was conducted Friday, May 8, at 4 p.m. Shortly after, Brumbaugh reported that Canvas has now been restored at Sacramento State.
This interview is edited for length and clarity.
Interview highlights
We know that hackers from the group ShinyHunters have been able to access private data from Sac State’s Canvas platform. The parent company Instructure has opened the platform back up. What happened today at Sac State?
Around 1:30 this afternoon, [campus officials said] that Canvas will be open until 2:00 p.m. Before this, in the morning and last night the provost sent out messages to faculty saying that students should not be penalized for this incident and encouraging faculty to accommodate students who cannot access Canvas.
They said that this afternoon Canvas will briefly be open between 1:30 and 2:00 p.m. before being closed down again and that the CSU says that they plan on reopening Canvas with all of their security threads resolved by around this evening, Friday evening.
But we don't know yet if that has happened. Some students are saying that they have some functionality, but not all.
Some students are saying that they can access it on mobile but not computer. It's a little bit inconsistent. It was also inconsistent on who was getting what websites or what messages.
Some people got the ShinyHunters message, some people just got the maintenance message. Some people were hearing from Instructure that it was down for scheduled maintenance when it was not. It was because of the cyberattack.
Students are generally so far from what we have heard from—not just Sac State but also community colleges in the area—that this is incredibly poorly timed. Students are really worried about their finals. Finals week is within the next two weeks. A lot of people are graduating within the next two weeks.
How are professors responding?
Instructors have seem to have been sending mass emails throughout all of today that are essentially either saying that there are extensions on deadlines or that deadlines are going to be waved or pushed back. Or even I've gotten messages from my professors saying not even to worry about it that we'll figure it out in class eventually or that assignments are going to be submitted over say email.
It seems to be generally inconsistent but right now professors are kind of scrambling to make sure that students are being accommodated. Students are kind of scrambling to make sure they're hearing from their instructors. At the moment it's a little bit of a scary time, but we're feeling really optimistic that Canvas will be reopened.
I understand there are concerns about data being leaked. What has been leaked?
To our knowledge, things like names, addresses, personal information, demographics may have been leaked. But, we do not leave any passwords or financial information unless financial information was input directly into Canvas by students for some reason because they also have messages, personal messages that may have been sent through the Canvas website. As far as we know, that's what was leaked, but there doesn't seem to be any passwords.
The CSU also advised that students do not try to log in or change their password during this time just in case there's still some sort of phishing or cyberattacks that's still within the system or that may happen again.
Right now, we're just waiting to hear from the CSU when it's going to reopen, when people can log in. Some people have not had to change their passwords, some people have not been able to log in. At the moment, it's a little up in the air. We're just waiting on instructions.
I saw that you emailed the hackers. What was their response?
I reached out to ask if they could share with us what they may have known about CSU Sacramento, how many students were affected, how many files they have from us.
They got back to me within 15 minutes essentially saying that they are not providing comment at this time. I reached out again asking if there would be a time they are providing comment, I did not get any response.
Something to know about ShinyHunters, they are described as being primarily financial and ideological motivated. So they tend to target large companies and if you have ever looked at their data leak site, they list sometimes the reasons for leaking the data—some of it being greed, some of it being poor decisions on the part of their management.
So we don't know why they decided to target Instructure. We will likely by the deadline whether the data gets leaked or not, why they decided to target it, and why it turned out.
As a student yourself, how has this affected you personally?
I graduate in two weeks and it's kind of terrifying. I was so concrete in my plan of exactly what I needed to do to graduate and I saw Canvas go down and I was like, "Oh, no." I was a little terrified.
I was very worried, especially because I have an online class that if it's not resolved by Tuesday by the ransom deadline, I might miss class. I could be missing out on a final assignment that I may need to graduate and it was really scary to think about. I was really relieved also because we found out that the provost actually sent a message not to students but through faculty.
One of my professors was the one who sent it to me saying that this is all the information she has. And so it was a little relieving seeing the university at least had our backs in making sure we weren't penalized, especially because this is a really scary time. Finals are just around the corner. A lot of people are completing their final projects right now.
